3:28 p.m.
Hello,
the following patches add full support for qcow/qcow2 volume encryption,
assuming a client that supports it.
(Main changes since the previous version:
* Use a separate API for "secret" management
* Auto-generate the encryption format and passphrase if not supplied
See the specific patch change logs for more details; patches without
change logs are entirely new.)
New XML tags are defined to represent encryption parameters (currently
format and passphrase, more can be added in the future), e.g.
<encryption format='qcow'>
<secret type='passphrase'
secret_id='724d95f2-0ed2-6ff9-84d0-0f3d1618428d'/>
</encryption>
The <encryption> tag can be added to a <volume> node passed to
virStorageVolCreateXML() to create an encrypted volume, or to a
<disk> node inside a <domain> to specify what encryption parameters to
use for a domain.
secret_id above refers to a separately-managed secret, which was set
using virSecretSetValue(). Other properties of the secret can be
managed using an XML representation.
Detailed documentation of the formats and features is inside the patches.
3:28 p.m.
New subject: [libvirt] [PATCH 01/20] Secret manipulation step 1: Public API
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.
Rather than add explicit accessors for attributes of secrets, and
hard-code the "secrets are related to storage volumes" association in
the API, the API uses XML to manipulate the association as well as
other attributes, similarly to other areas of libvirt.
The user can allocate an ID for the secret using virSecretAllocateID()
(or use some other way to allocate secret IDs, e.g. reuse IDs used by
the user in other databases), set attributes of the secret using XML, e.g.
<secret ephemeral='no' private='yes'>
<volume>/var/lib/libvirt/images/mail.img</volume>
<description>LUKS passphrase for our mail server</description>
</secret>
The secret value can be either generated and stored by libvirt during
volume creation, or supplied by the user using virSecretSetValue().
A simple API is provided for enumeration of all secrets. Very large
deployments will manage secret IDs automatically, so it is probably not
necessary to provide a specialized lookup function (allowing the volume
key -> secret ID lookup in less than O(number of secrets)). These
functions can eventually be added later.
---
docs/format.html | 4 +
docs/formatcaps.html | 4 +
docs/formatdomain.html | 4 +
docs/formatnetwork.html | 4 +
docs/formatnode.html | 4 +
docs/formatsecret.html | 166 ++++++++++++++++++++++++++++++++++++++++++
docs/formatsecret.html.in | 46 ++++++++++++
docs/formatstorage.html | 4 +
docs/schemas/Makefile.am | 1 +
docs/schemas/secret.rng | 39 ++++++++++
docs/sitemap.html | 3 +
docs/sitemap.html.in | 4 +
include/libvirt/libvirt.h | 24 ++++++
include/libvirt/libvirt.h.in | 24 ++++++
src/libvirt_public.syms | 8 ++
15 files changed, 339 insertions(+), 0 deletions(-)
create mode 100644 docs/formatsecret.html
create mode 100644 docs/formatsecret.html.in
create mode 100644 docs/schemas/secret.rng
diff --git a/docs/format.html b/docs/format.html
index e97d0e7..8aed8d3 100644
--- a/docs/format.html
+++ b/docs/format.html
@@ -70,6 +70,10 @@
<div>
<a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/formatcaps.html b/docs/formatcaps.html
index 5b20aac..8e2e5d1 100644
--- a/docs/formatcaps.html
+++ b/docs/formatcaps.html
@@ -70,6 +70,10 @@
<div>
<a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/formatdomain.html b/docs/formatdomain.html
index 5415200..bbce989 100644
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@@ -70,6 +70,10 @@
<div>
<a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/formatnetwork.html b/docs/formatnetwork.html
index 0b25a0b..6049492 100644
--- a/docs/formatnetwork.html
+++ b/docs/formatnetwork.html
@@ -70,6 +70,10 @@
<div>
<a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/formatnode.html b/docs/formatnode.html
index 4d30b0c..cca75ff 100644
--- a/docs/formatnode.html
+++ b/docs/formatnode.html
@@ -70,6 +70,10 @@
<div>
<span class="active">Node Devices</span>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/formatsecret.html b/docs/formatsecret.html
new file mode 100644
index 0000000..8c6e0c6
--- /dev/null
+++ b/docs/formatsecret.html
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<!--
+ This file is autogenerated from formatsecret.html.in
+ Do not edit this file. Changes will be lost.
+ -->
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1" />
+ <link rel="stylesheet" type="text/css"
href="main.css" />
+ <link rel="SHORTCUT ICON" href="32favicon.png" />
+ <title>libvirt: Secret attributes XML format</title>
+ <meta name="description" content="libvirt, virtualization,
virtualization API" />
+ </head>
+ <body>
+ <div id="header">
+ <div id="headerLogo"></div>
+ <div id="headerSearch">
+ <form action="search.php"
enctype="application/x-www-form-urlencoded"
method="get"><div>
+ <input id="query" name="query" type="text"
size="12" value="" />
+ <input id="submit" name="submit"
type="submit" value="Search" />
+ </div></form>
+ </div>
+ </div>
+ <div id="body">
+ <div id="menu">
+ <ul class="l0"><li>
+ <div>
+ <a title="Front page of the libvirt website"
class="inactive" href="index.html">Home</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Details of new features and bugs fixed in each
release" class="inactive" href="news.html">News</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Get the latest source releases, binary builds and get
access to the source repository" class="inactive"
href="downloads.html">Downloads</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Information for users, administrators and
developers" class="active"
href="docs.html">Documentation</a>
+ <ul class="l1"><li>
+ <div>
+ <a title="Information about deploying and using libvirt"
class="inactive" href="deployment.html">Deployment</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Overview of the logical subsystems in the libvirt
API" class="inactive"
href="intro.html">Architecture</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Description of the XML formats used in
libvirt" class="active" href="format.html">XML
format</a>
+ <ul class="l2"><li>
+ <div>
+ <a title="The domain XML format"
class="inactive" href="formatdomain.html">Domains</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The virtual network XML format"
class="inactive" href="formatnetwork.html">Networks</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The storage pool and volume XML format"
class="inactive" href="formatstorage.html">Storage</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
+ </div>
+ </li><li>
+ <div>
+ <span class="active">Secrets</span>
+ </div>
+ </li></ul>
+ </div>
+ </li><li>
+ <div>
+ <a title="Hypervisor specific driver information"
class="inactive" href="drivers.html">Drivers</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Reference manual for the C public API"
class="inactive" href="html/index.html">API reference</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Bindings of the libvirt API for other
languages" class="inactive" href="bindings.html">Language
bindings</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Working on the internals of libvirt API, driver and
daemon code" class="inactive"
href="internals.html">Internals</a>
+ </div>
+ </li></ul>
+ </div>
+ </li><li>
+ <div>
+ <a title="User contributed content" class="inactive"
href="http://wiki.libvirt.org">Wiki</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Frequently asked questions"
class="inactive" href="FAQ.html">FAQ</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="How and where to report bugs and request features"
class="inactive" href="bugs.html">Bug reports</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="How to contact the developers via email and IRC"
class="inactive" href="contact.html">Contact</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Miscellaneous links of interest related to libvirt"
class="inactive" href="relatedlinks.html">Related Links</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Overview of all content on the website"
class="inactive" href="sitemap.html">Sitemap</a>
+ </div>
+ </li></ul>
+ </div>
+ <div id="content">
+ <h1>Secret attributes XML format</h1>
+ <ul><li>
+ <a href="#SecretAttributes">Secret attributes XML</a>
+ </li><li>
+ <a href="#example">Example</a>
+ </li></ul>
+ <h2>
+ <a name="SecretAttributes"
id="SecretAttributes">Secret attributes XML</a>
+ </h2>
+ <p>
+ Secrets stored by libvirt may have attributes associated with them, using
+ the <code>secret</code> element. The <code>secret</code>
element has two
+ optional attributes, each with values '<code>yes</code>' and
+ '<code>no</code>', and defaulting to
'<code>no</code>':
+ </p>
+ <dl><dt><code>ephemeral</code></dt><dd>This
secret must only be kept in memory, never stored persistently.
+ </dd><dt><code>private</code></dt><dd>The value
of the secret must not be revealed to any caller of libvirt,
+ nor to any other node.
+ </dd></dl>
+ <p>
+ The top-level <code>secret</code> element may contain the following
+ elements:
+ </p>
+ <dl><dt><code>volume</code></dt><dd>Key of a
volume this secret is associated with. It is safe to delete
+ the secret after the volume is deleted.
+ </dd><dt><code>description</code></dt><dd>A
human-readable description of the purpose of the secret.
+ </dd></dl>
+ <h2>
+ <a name="example" id="example">Example</a>
+ </h2>
+ <pre>
+ <secret ephemeral='no' private='yes'>
+ <volume>/var/lib/libvirt/images/mail.img</volume>
+ <description>LUKS passphrase for the main hard drive of our mail
server</description>
+ </secret></pre>
+ </div>
+ </div>
+ <div id="footer">
+ <p id="sponsor">
+ Sponsored by:<br /><a href="http://et.redhat.com/"><img
src="et.png" alt="Project sponsored by Red Hat Emerging Technology"
/></a></p>
+ </div>
+ </body>
+</html>
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
new file mode 100644
index 0000000..0960d86
--- /dev/null
+++ b/docs/formatsecret.html.in
@@ -0,0 +1,46 @@
+<html>
+ <body>
+ <h1>Secret attributes XML format</h1>
+
+ <ul id="toc"></ul>
+
+ <h2><a name="SecretAttributes">Secret attributes
XML</a></h2>
+
+ <p>
+ Secrets stored by libvirt may have attributes associated with them, using
+ the <code>secret</code> element. The <code>secret</code>
element has two
+ optional attributes, each with values '<code>yes</code>' and
+ '<code>no</code>', and defaulting to
'<code>no</code>':
+ </p>
+ <dl>
+ <dt><code>ephemeral</code></dt>
+ <dd>This secret must only be kept in memory, never stored persistently.
+ </dd>
+ <dt><code>private</code></dt>
+ <dd>The value of the secret must not be revealed to any caller of libvirt,
+ nor to any other node.
+ </dd>
+ </dl>
+ <p>
+ The top-level <code>secret</code> element may contain the following
+ elements:
+ </p>
+ <dl>
+ <dt><code>volume</code></dt>
+ <dd>Key of a volume this secret is associated with. It is safe to delete
+ the secret after the volume is deleted.
+ </dd>
+ <dt><code>description</code></dt>
+ <dd>A human-readable description of the purpose of the secret.
+ </dd>
+ </dl>
+
+ <h2><a name="example">Example</a></h2>
+
+ <pre>
+ <secret ephemeral='no' private='yes'>
+ <volume>/var/lib/libvirt/images/mail.img</volume>
+ <description>LUKS passphrase for the main hard drive of our mail
server</description>
+ </secret></pre>
+ </body>
+</html>
diff --git a/docs/formatstorage.html b/docs/formatstorage.html
index 91e63b4..e21e3d2 100644
--- a/docs/formatstorage.html
+++ b/docs/formatstorage.html
@@ -70,6 +70,10 @@
<div>
<a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
</div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
</li></ul>
</div>
</li><li>
diff --git a/docs/schemas/Makefile.am b/docs/schemas/Makefile.am
index ef41a63..a064518 100644
--- a/docs/schemas/Makefile.am
+++ b/docs/schemas/Makefile.am
@@ -5,6 +5,7 @@ schema_DATA = \
domain.rng \
interface.rng \
network.rng \
+ secret.rng \
storagepool.rng \
storagevol.rng \
nodedev.rng \
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
new file mode 100644
index 0000000..3d70412
--- /dev/null
+++ b/docs/schemas/secret.rng
@@ -0,0 +1,39 @@
+<!-- A Relax NG schema for the libvirt secret properties XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0">
+ <start>
+ <ref name='secret'/>
+ </start>
+
+ <define name='secret'>
+ <element name='secret'>
+ <optional>
+ <attribute name='ephemeral'>
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name='private'>
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ <interleave>
+ <optional>
+ <element name='description'>
+ <text/>
+ </element>
+ </optional>
+ <optional>
+ <element name='volume'>
+ <text/>
+ </element>
+ </optional>
+ </interleave>
+ </element>
+ </define>
+</grammar>
diff --git a/docs/sitemap.html b/docs/sitemap.html
index f79a533..cf43088 100644
--- a/docs/sitemap.html
+++ b/docs/sitemap.html
@@ -141,6 +141,9 @@
</li><li>
<a href="formatnode.html">Node Devices</a>
<span>The host device XML format</span>
+ </li><li>
+ <a href="formatsecret.html">Secrets</a>
+ <span>The secret attribute XML format</span>
</li></ul></li><li>
<a href="drivers.html">Drivers</a>
<span>Hypervisor specific driver information</span>
diff --git a/docs/sitemap.html.in b/docs/sitemap.html.in
index 9589878..4c4dfa4 100644
--- a/docs/sitemap.html.in
+++ b/docs/sitemap.html.in
@@ -106,6 +106,10 @@
<a href="formatnode.html">Node Devices</a>
<span>The host device XML format</span>
</li>
+ <li>
+ <a href="formatsecret.html">Secrets</a>
+ <span>The secret attribute XML format</span>
+ </li>
</ul>
</li>
<li>
diff --git a/include/libvirt/libvirt.h b/include/libvirt/libvirt.h
index 86f56e5..eca9816 100644
--- a/include/libvirt/libvirt.h
+++ b/include/libvirt/libvirt.h
@@ -1448,6 +1448,30 @@ void virEventRegisterImpl(virEventAddHandleFunc addHandle,
virEventAddTimeoutFunc addTimeout,
virEventUpdateTimeoutFunc updateTimeout,
virEventRemoveTimeoutFunc removeTimeout);
+
+/*
+ * Secret manipulation API
+ */
+char * virSecretAllocateID (virConnectPtr conn);
+int virSecretSetXML (virConnectPtr conn,
+ const char *secret_id,
+ const char *xml);
+char * virSecretGetXML (virConnectPtr conn,
+ const char *secret_id);
+int virSecretSetValue (virConnectPtr conn,
+ const char *secret_id,
+ const void *secret,
+ size_t secret_size);
+void * virSecretGetValue (virConnectPtr conn,
+ const char *secret_id,
+ size_t *secret_size);
+int virSecretDelete (virConnectPtr conn,
+ const char *secret_id);
+int virSecretNumOfSecrets (virConnectPtr conn);
+int virSecretListSecrets (virConnectPtr conn,
+ char **ids,
+ int maxids);
+
#ifdef __cplusplus
}
#endif
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index e6536c7..093c89e 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -1448,6 +1448,30 @@ void virEventRegisterImpl(virEventAddHandleFunc addHandle,
virEventAddTimeoutFunc addTimeout,
virEventUpdateTimeoutFunc updateTimeout,
virEventRemoveTimeoutFunc removeTimeout);
+
+/*
+ * Secret manipulation API
+ */
+char * virSecretAllocateID (virConnectPtr conn);
+int virSecretSetXML (virConnectPtr conn,
+ const char *secret_id,
+ const char *xml);
+char * virSecretGetXML (virConnectPtr conn,
+ const char *secret_id);
+int virSecretSetValue (virConnectPtr conn,
+ const char *secret_id,
+ const void *secret,
+ size_t secret_size);
+void * virSecretGetValue (virConnectPtr conn,
+ const char *secret_id,
+ size_t *secret_size);
+int virSecretDelete (virConnectPtr conn,
+ const char *secret_id);
+int virSecretNumOfSecrets (virConnectPtr conn);
+int virSecretListSecrets (virConnectPtr conn,
+ char **ids,
+ int maxids);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index c06f51e..fc21082 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -289,6 +289,14 @@ LIBVIRT_0.7.0 {
global:
virConnectNumOfDefinedInterfaces;
virConnectListDefinedInterfaces;
+ virSecretAllocateID;
+ virSecretSetXML;
+ virSecretGetXML;
+ virSecretSetValue;
+ virSecretGetValue;
+ virSecretDelete;
+ virSecretNumOfSecrets;
+ virSecretListSecrets;
} LIBVIRT_0.6.4;
# .... define new API here using predicted next version number ....
--
1.6.2.5
10:22 a.m.
New subject: [libvirt] [PATCH 01/20] Secret manipulation step 1: Public API
On Tue, Aug 04, 2009 at 10:28:16PM +0200, Miloslav Trma?? wrote:
This patch adds a "secret" as a separately managed object,
using a
special-purpose API to transfer the secret values between nodes and
libvirt users.
Rather than add explicit accessors for attributes of secrets, and
hard-code the "secrets are related to storage volumes" association in
the API, the API uses XML to manipulate the association as well as
other attributes, similarly to other areas of libvirt.
The user can allocate an ID for the secret using virSecretAllocateID()
(or use some other way to allocate secret IDs, e.g. reuse IDs used by
the user in other databases), set attributes of the secret using XML, e.g.
<secret ephemeral='no' private='yes'>
<volume>/var/lib/libvirt/images/mail.img</volume>
<description>LUKS passphrase for our mail server</description>
</secret>
The secret value can be either generated and stored by libvirt during
volume creation, or supplied by the user using virSecretSetValue().
A simple API is provided for enumeration of all secrets. Very large
deployments will manage secret IDs automatically, so it is probably not
necessary to provide a specialized lookup function (allowing the volume
key -> secret ID lookup in less than O(number of secrets)). These
functions can eventually be added later.
diff --git a/include/libvirt/libvirt.h.in
b/include/libvirt/libvirt.h.in
index e6536c7..093c89e 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -1448,6 +1448,30 @@ void virEventRegisterImpl(virEventAddHandleFunc addHandle,
virEventAddTimeoutFunc addTimeout,
virEventUpdateTimeoutFunc updateTimeout,
virEventRemoveTimeoutFunc removeTimeout);
+
+/*
+ * Secret manipulation API
+ */
+char * virSecretAllocateID (virConnectPtr conn);
+int virSecretSetXML (virConnectPtr conn,
+ const char *secret_id,
+ const char *xml);
+char * virSecretGetXML (virConnectPtr conn,
+ const char *secret_id);
+int virSecretSetValue (virConnectPtr conn,
+ const char *secret_id,
+ const void *secret,
+ size_t secret_size);
+void * virSecretGetValue (virConnectPtr conn,
+ const char *secret_id,
+ size_t *secret_size);
+int virSecretDelete (virConnectPtr conn,
+ const char *secret_id);
+int virSecretNumOfSecrets (virConnectPtr conn);
+int virSecretListSecrets (virConnectPtr conn,
+ char **ids,
+ int maxids);
+
This looks like a reasonable set of operations to start with, just
have a couple of minor tweaks to suggest.
- Instead of using "const char *secret_id" as the entity to
pass around the APIs, introduce a opaque struct type.
eg in libvirt.h.in
typedef struct _virSecret virSecret;
typedef virSecret *virSecretPtr;
and internally in datatypes.h, have that struct be
struct _virSecret {
unsigned int magic; /* specific value to check */
int refs; /* reference count */
virConnectPtr conn; /* pointer back to the connection */
unsigned char uuid[VIR_UUID_BUFLEN]; /* the unique secret identifier */
};
this just gives us a little more flexibility in the API for dealing with
the unexpected in the future, and follows the paradigm of the other APIs.
- Rename virSecretSetXML() to virSecretDefineXML() and
rename virSecretDelete() to virSecretUndefine()
Again this is simply for consistency with API naming scheme used by
other objects in libvirt.
virSecretAllocateID() would then be unneccessary, since virSecretDefineXML
would simply return an instance of the virSecretPtr object. We would
probably want a virSecretGetUUID() method to retrieve the id for an
object, and a virSecretLookupByID() method to fetch an existing secret
based off its identifier - that would allow O(1) lookup from the ID
in a volume XML doc as you suggested.
In the SetValue/GetValue fields you have a
const void *secret
size_t secret_size
This implies an arbitrary data type being passed in or out. I'm guessing
that you're really meaning a opaque byte array, in which case I think it
would be preferrable to use 'unsigned char *' for the data instead of
'void *'
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
3:28 p.m.
New subject: [libvirt] [PATCH 02/20] Secret manipulation step 2: Internal API
Adds a new driver type.
---
include/libvirt/virterror.h | 2 +
src/datatypes.h | 1 +
src/driver.h | 61 +++++++++++++++++++++++++++++++++++++++++++
src/libvirt.c | 55 ++++++++++++++++++++++++++++++++++++++
src/virterror.c | 9 ++++++
5 files changed, 128 insertions(+), 0 deletions(-)
diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h
index e4d013f..64e0143 100644
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -67,6 +67,7 @@ typedef enum {
VIR_FROM_ONE, /* Error from OpenNebula driver */
VIR_FROM_ESX, /* Error from ESX driver */
VIR_FROM_PHYP, /* Error from IBM power hypervisor */
+ VIR_FROM_SECRET, /* Error from secret storage */
} virErrorDomain;
@@ -166,6 +167,7 @@ typedef enum {
VIR_ERR_NO_INTERFACE, /* interface driver not running */
VIR_ERR_INVALID_INTERFACE, /* invalid interface object */
VIR_ERR_MULTIPLE_INTERFACES, /* more than one matching interface found */
+ VIR_WAR_NO_SECRET, /* failed to start secret storage */
} virErrorNumber;
/**
diff --git a/src/datatypes.h b/src/datatypes.h
index da83e02..58a6d32 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -119,6 +119,7 @@ struct _virConnect {
virInterfaceDriverPtr interfaceDriver;
virStorageDriverPtr storageDriver;
virDeviceMonitorPtr deviceMonitor;
+ virSecretDriverPtr secretDriver;
/* Private data pointer which can be used by driver and
* network driver as they wish.
diff --git a/src/driver.h b/src/driver.h
index 79d46ff..e411212 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -6,6 +6,9 @@
#ifndef __VIR_DRIVER_H__
#define __VIR_DRIVER_H__
+#include "config.h"
+#include <stdbool.h>
+
#include <libxml/uri.h>
#include "internal.h"
@@ -799,6 +802,63 @@ struct _virDeviceMonitor {
virDrvNodeDeviceDestroy deviceDestroy;
};
+typedef char *
+ (*virDrvSecretAllocateID) (virConnectPtr conn);
+typedef int
+ (*virDrvSecretSetXML) (virConnectPtr conn,
+ const char *secret_id,
+ const char *xml);
+typedef char *
+ (*virDrvSecretGetXML) (virConnectPtr conn,
+ const char *secret_id);
+typedef int
+ (*virDrvSecretSetValue) (virConnectPtr conn,
+ const char *secret_id,
+ const void *secret,
+ size_t secret_size);
+typedef void *
+ (*virDrvSecretGetValue) (virConnectPtr conn,
+ const char *secret_id,
+ size_t *secret_size,
+ bool libvirt_internal_call);
+typedef int
+ (*virDrvSecretDelete) (virConnectPtr conn,
+ const char *secret_id);
+typedef int
+ (*virDrvSecretNumOfSecrets) (virConnectPtr conn);
+typedef int
+ (*virDrvSecretListSecrets) (virConnectPtr conn,
+ char **ids,
+ int maxids);
+
+typedef struct _virSecretDriver virSecretDriver;
+typedef virSecretDriver *virSecretDriverPtr;
+
+/**
+ * _virSecretDriver:
+ *
+ * Structure associated to a driver for storing secrets, defining the various
+ * entry points for it.
+ *
+ * All drivers must support the following fields/methods:
+ * - open
+ * - close
+ */
+struct _virSecretDriver {
+ const char *name;
+ virDrvOpen open;
+ virDrvClose close;
+
+ virDrvSecretAllocateID allocateID;
+ virDrvSecretSetXML setXML;
+ virDrvSecretGetXML getXML;
+ virDrvSecretSetValue setValue;
+ virDrvSecretGetValue getValue;
+ virDrvSecretDelete delete;
+ virDrvSecretNumOfSecrets numOfSecrets;
+ virDrvSecretListSecrets listSecrets;
+};
+
/*
* Registration
* TODO: also need ways to (des)activate a given driver
@@ -809,6 +869,7 @@ int virRegisterNetworkDriver(virNetworkDriverPtr);
int virRegisterInterfaceDriver(virInterfaceDriverPtr);
int virRegisterStorageDriver(virStorageDriverPtr);
int virRegisterDeviceMonitor(virDeviceMonitorPtr);
+int virRegisterSecretDriver(virSecretDriverPtr);
#ifdef WITH_LIBVIRTD
int virRegisterStateDriver(virStateDriverPtr);
#endif
diff --git a/src/libvirt.c b/src/libvirt.c
index 889f77f..22bc34c 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -86,6 +86,8 @@ static virStorageDriverPtr virStorageDriverTab[MAX_DRIVERS];
static int virStorageDriverTabCount = 0;
static virDeviceMonitorPtr virDeviceMonitorTab[MAX_DRIVERS];
static int virDeviceMonitorTabCount = 0;
+static virSecretDriverPtr virSecretDriverTab[MAX_DRIVERS];
+static int virSecretDriverTabCount = 0;
#ifdef WITH_LIBVIRTD
static virStateDriverPtr virStateDriverTab[MAX_DRIVERS];
static int virStateDriverTabCount = 0;
@@ -701,6 +703,37 @@ virRegisterDeviceMonitor(virDeviceMonitorPtr driver)
}
/**
+ * virRegisterSecretDriver:
+ * @driver: pointer to a secret driver block
+ *
+ * Register a secret driver
+ *
+ * Returns the driver priority or -1 in case of error.
+ */
+int
+virRegisterSecretDriver(virSecretDriverPtr driver)
+{
+ if (virInitialize() < 0)
+ return -1;
+
+ if (driver == NULL) {
+ virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return(-1);
+ }
+
+ if (virSecretDriverTabCount >= MAX_DRIVERS) {
+ virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return(-1);
+ }
+
+ DEBUG ("registering %s as secret driver %d",
+ driver->name, virSecretDriverTabCount);
+
+ virSecretDriverTab[virSecretDriverTabCount] = driver;
+ return virSecretDriverTabCount++;
+}
+
+/**
* virRegisterDriver:
* @driver: pointer to a driver block
*
@@ -1113,6 +1146,26 @@ do_open (const char *name,
}
}
+ /* Secret manipulation driver. Optional */
+ for (i = 0; i < virSecretDriverTabCount; i++) {
+ res = virSecretDriverTab[i]->open (ret, auth, flags);
+ DEBUG("secret driver %d %s returned %s",
+ i, virSecretDriverTab[i]->name,
+ res == VIR_DRV_OPEN_SUCCESS ? "SUCCESS" :
+ (res == VIR_DRV_OPEN_DECLINED ? "DECLINED" :
+ (res == VIR_DRV_OPEN_ERROR ? "ERROR" : "unknown
status")));
+ if (res == VIR_DRV_OPEN_ERROR) {
+ if (STREQ(virSecretDriverTab[i]->name, "remote")) {
+ virLibConnWarning (NULL, VIR_WAR_NO_SECRET,
+ "Is the daemon running ?");
+ }
+ break;
+ } else if (res == VIR_DRV_OPEN_SUCCESS) {
+ ret->secretDriver = virSecretDriverTab[i];
+ break;
+ }
+ }
+
return ret;
failed:
@@ -1246,6 +1299,8 @@ virConnectClose(virConnectPtr conn)
conn->storageDriver->close (conn);
if (conn->deviceMonitor)
conn->deviceMonitor->close (conn);
+ if (conn->secretDriver)
+ conn->secretDriver->close (conn);
conn->driver->close (conn);
if (virUnrefConnect(conn) < 0)
diff --git a/src/virterror.c b/src/virterror.c
index 362d8ef..ba66238 100644
--- a/src/virterror.c
+++ b/src/virterror.c
@@ -169,6 +169,9 @@ static const char *virErrorDomainName(virErrorDomain domain) {
case VIR_FROM_ESX:
dom = "ESX ";
break;
+ case VIR_FROM_SECRET:
+ dom = "Secret Storage ";
+ break;
}
return(dom);
}
@@ -1068,6 +1071,12 @@ virErrorMsg(virErrorNumber error, const char *info)
else
errmsg = _("multiple matching interfaces found: %s");
break;
+ case VIR_WAR_NO_SECRET:
+ if (info == NULL)
+ errmsg = _("Failed to find a secret storage driver");
+ else
+ errmsg = _("Failed to find a secret storage driver: %s");
+ break;
}
return (errmsg);
}
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 03/20] Secret manipulation step 3: Public API implementation
---
src/libvirt.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 365 insertions(+), 0 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index 22bc34c..4beb822 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -8660,3 +8660,368 @@ error:
virSetConnError(conn);
return -1;
}
+
+/**
+ * virSecretAllocateID:
+ * @conn: virConnect connection
+ *
+ * Allocates a secret ID (a printable string) without associating a secret
+ * value with the ID.
+ *
+ * Returns the secret ID on success, or NULL on failure. The caller must
+ * free() the secret ID.
+ */
+char *
+virSecretAllocateID(virConnectPtr conn)
+{
+ VIR_DEBUG("conn=%p", conn);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return NULL;
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->allocateID !=
NULL) {
+ char *ret;
+
+ ret = conn->secretDriver->allocateID(conn);
+ if (ret == NULL)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return NULL;
+}
+
+/**
+ * virSecretSetXML:
+ * @conn: virConnect connection
+ * @secret_id: A secret ID
+ * @xml: XML containing attributes of the secret.
+ *
+ * Replaces all attributes of the secret specified by secret_id by attributes
+ * specified in xml (any attributes not specified in xml are
+ * discarded). Allocates secret_id if it was not previously allocated.
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+int
+virSecretSetXML(virConnectPtr conn, const char *secret_id, const char *xml)
+{
+ VIR_DEBUG("conn=%p, secret_id=%s, xml=%s", conn, secret_id, xml);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return -1;
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+ if (secret_id == NULL || xml == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->setXML !=
NULL) {
+ int ret;
+
+ ret = conn->secretDriver->setXML(conn, secret_id, xml);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return -1;
+}
+
+/**
+ * virSecretGetXML:
+ * @conn: virConnect connection
+ * @secret_id: A secret ID
+ *
+ * Fetches an XML document describing attributes of the secret.
+ *
+ * Returns the XML document on success, NULL on failure. The caller must
+ * free() the XML.
+ */
+char *
+virSecretGetXML(virConnectPtr conn, const char *secret_id)
+{
+ VIR_DEBUG("conn=%p, secret_id=%s", conn, secret_id);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return NULL;
+ }
+ if (secret_id == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->getXML !=
NULL) {
+ char *ret;
+
+ ret = conn->secretDriver->getXML(conn, secret_id);
+ if (ret == NULL)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return NULL;
+}
+
+/**
+ * virSecretSetValue:
+ * @conn: virConnect connection
+ * @secret_id: A secret ID
+ * @secret: The secret
+ * @secret_size: Size of the secret
+ *
+ * Associates a secret value with secret_id. Allocates secret_id if it was
+ * not previously allocated.
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+int
+virSecretSetValue(virConnectPtr conn, const char *secret_id, const void *secret,
+ size_t secret_size)
+{
+ VIR_DEBUG("conn=%p, secret_id=%s, secret=%p, secret_size=%zu", conn,
+ secret_id, secret, secret_size);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return -1;
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+ if (secret_id == NULL || secret == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->setValue !=
NULL) {
+ int ret;
+
+ ret = conn->secretDriver->setValue(conn, secret_id, secret,
+ secret_size);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return -1;
+}
+
+/**
+ * virSecretGetValue:
+ * @conn: virConnect connection
+ * @secret_id: A secret ID
+ * @secret_size: Place for storing size of the secret
+ *
+ * Fetches the secret value associated with secret_id.
+ *
+ * Returns the secret value on success, NULL on failure. The caller must
+ * free() the secret value.
+ */
+void *
+virSecretGetValue(virConnectPtr conn, const char *secret_id,
+ size_t *secret_size)
+{
+ VIR_DEBUG("conn=%p, secret_id=%s, secret_size=%p", conn, secret_id,
+ secret_size);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return NULL;
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+ if (secret_id == NULL || secret_size == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->getValue !=
NULL) {
+ void *ret;
+
+ ret = conn->secretDriver->getValue(conn, secret_id, secret_size, false);
+ if (ret == NULL)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return NULL;
+}
+
+/**
+ * virSecretDelete:
+ * @conn: virConnect connection
+ * @secret_id: A secret ID
+ *
+ * Deletes the secret with secret_id (including the secret value and all
+ * attributes).
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+int
+virSecretDelete(virConnectPtr conn, const char *secret_id)
+{
+ VIR_DEBUG("conn=%p, secret_id=%s", conn, secret_id);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return -1;
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+ if (secret_id == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->delete !=
NULL) {
+ int ret;
+
+ ret = conn->secretDriver->delete(conn, secret_id);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return -1;
+}
+
+/**
+ * virSecretNumOfSecrets:
+ * @conn: virConnect connection
+ *
+ * Fetch number of currently defined secret IDs.
+ *
+ * Returns the number currently defined secret IDs.
+ */
+int
+virSecretNumOfSecrets(virConnectPtr conn)
+{
+ VIR_DEBUG("conn=%p", conn);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return -1;
+ }
+
+ if (conn->secretDriver != NULL &&
+ conn->secretDriver->numOfSecrets != NULL) {
+ int ret;
+
+ ret = conn->secretDriver->numOfSecrets(conn);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return -1;
+}
+
+/**
+ * virSecretListSecrets:
+ * @conn: virConnect connection
+ * @ids: Pointer to an array to store the IDs
+ * @maxids: size of the array.
+ *
+ * List the defined secret IDs, store pointers to names in ids.
+ *
+ * Returns the number of IDs provided in the array, or -1 on failure.
+ */
+int
+virSecretListSecrets(virConnectPtr conn, char **ids, int maxids)
+{
+ VIR_DEBUG("conn=%p, ids=%p, maxids=%d", conn, ids, maxids);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return -1;
+ }
+ if (ids == NULL || maxids < 0) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->secretDriver != NULL && conn->secretDriver->listSecrets !=
NULL) {
+ int ret;
+
+ ret = conn->secretDriver->listSecrets(conn, ids, maxids);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(conn);
+ return -1;
+}
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 04/20] Secret manipulation step 4: Wire protocol
---
qemud/remote_dispatch_args.h | 6 ++
qemud/remote_dispatch_prototypes.h | 56 +++++++++++++++++++
qemud/remote_dispatch_ret.h | 5 ++
qemud/remote_dispatch_table.h | 40 +++++++++++++
qemud/remote_protocol.c | 107 ++++++++++++++++++++++++++++++++++++
qemud/remote_protocol.h | 98 +++++++++++++++++++++++++++++++++
qemud/remote_protocol.x | 67 ++++++++++++++++++++++-
7 files changed, 378 insertions(+), 1 deletions(-)
diff --git a/qemud/remote_dispatch_args.h b/qemud/remote_dispatch_args.h
index 9dacfb8..37d7f48 100644
--- a/qemud/remote_dispatch_args.h
+++ b/qemud/remote_dispatch_args.h
@@ -117,3 +117,9 @@
remote_domain_xml_from_native_args val_remote_domain_xml_from_native_args;
remote_domain_xml_to_native_args val_remote_domain_xml_to_native_args;
remote_list_defined_interfaces_args val_remote_list_defined_interfaces_args;
+ remote_secret_set_xml_args val_remote_secret_set_xml_args;
+ remote_secret_get_xml_args val_remote_secret_get_xml_args;
+ remote_secret_set_value_args val_remote_secret_set_value_args;
+ remote_secret_get_value_args val_remote_secret_get_value_args;
+ remote_secret_delete_args val_remote_secret_delete_args;
+ remote_secret_list_secrets_args val_remote_secret_list_secrets_args;
diff --git a/qemud/remote_dispatch_prototypes.h b/qemud/remote_dispatch_prototypes.h
index d9f6aad..dbb23ea 100644
--- a/qemud/remote_dispatch_prototypes.h
+++ b/qemud/remote_dispatch_prototypes.h
@@ -772,6 +772,62 @@ static int remoteDispatchOpen(
remote_error *err,
remote_open_args *args,
void *ret);
+static int remoteDispatchSecretAllocateId(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ void *args,
+ remote_secret_allocate_id_ret *ret);
+static int remoteDispatchSecretDelete(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_delete_args *args,
+ void *ret);
+static int remoteDispatchSecretGetValue(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_get_value_args *args,
+ remote_secret_get_value_ret *ret);
+static int remoteDispatchSecretGetXml(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_get_xml_args *args,
+ remote_secret_get_xml_ret *ret);
+static int remoteDispatchSecretListSecrets(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_list_secrets_args *args,
+ remote_secret_list_secrets_ret *ret);
+static int remoteDispatchSecretNumOfSecrets(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ void *args,
+ remote_secret_num_of_secrets_ret *ret);
+static int remoteDispatchSecretSetValue(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_set_value_args *args,
+ void *ret);
+static int remoteDispatchSecretSetXml(
+ struct qemud_server *server,
+ struct qemud_client *client,
+ virConnectPtr conn,
+ remote_error *err,
+ remote_secret_set_xml_args *args,
+ void *ret);
static int remoteDispatchStoragePoolBuild(
struct qemud_server *server,
struct qemud_client *client,
diff --git a/qemud/remote_dispatch_ret.h b/qemud/remote_dispatch_ret.h
index 5376960..d28f445 100644
--- a/qemud/remote_dispatch_ret.h
+++ b/qemud/remote_dispatch_ret.h
@@ -99,3 +99,8 @@
remote_domain_xml_to_native_ret val_remote_domain_xml_to_native_ret;
remote_num_of_defined_interfaces_ret val_remote_num_of_defined_interfaces_ret;
remote_list_defined_interfaces_ret val_remote_list_defined_interfaces_ret;
+ remote_secret_allocate_id_ret val_remote_secret_allocate_id_ret;
+ remote_secret_get_xml_ret val_remote_secret_get_xml_ret;
+ remote_secret_get_value_ret val_remote_secret_get_value_ret;
+ remote_secret_num_of_secrets_ret val_remote_secret_num_of_secrets_ret;
+ remote_secret_list_secrets_ret val_remote_secret_list_secrets_ret;
diff --git a/qemud/remote_dispatch_table.h b/qemud/remote_dispatch_table.h
index 449786d..aad9b41 100644
--- a/qemud/remote_dispatch_table.h
+++ b/qemud/remote_dispatch_table.h
@@ -697,3 +697,43 @@
.args_filter = (xdrproc_t) xdr_remote_list_defined_interfaces_args,
.ret_filter = (xdrproc_t) xdr_remote_list_defined_interfaces_ret,
},
+{ /* SecretAllocateId => 139 */
+ .fn = (dispatch_fn) remoteDispatchSecretAllocateId,
+ .args_filter = (xdrproc_t) xdr_void,
+ .ret_filter = (xdrproc_t) xdr_remote_secret_allocate_id_ret,
+},
+{ /* SecretSetXml => 140 */
+ .fn = (dispatch_fn) remoteDispatchSecretSetXml,
+ .args_filter = (xdrproc_t) xdr_remote_secret_set_xml_args,
+ .ret_filter = (xdrproc_t) xdr_void,
+},
+{ /* SecretGetXml => 141 */
+ .fn = (dispatch_fn) remoteDispatchSecretGetXml,
+ .args_filter = (xdrproc_t) xdr_remote_secret_get_xml_args,
+ .ret_filter = (xdrproc_t) xdr_remote_secret_get_xml_ret,
+},
+{ /* SecretSetValue => 142 */
+ .fn = (dispatch_fn) remoteDispatchSecretSetValue,
+ .args_filter = (xdrproc_t) xdr_remote_secret_set_value_args,
+ .ret_filter = (xdrproc_t) xdr_void,
+},
+{ /* SecretGetValue => 143 */
+ .fn = (dispatch_fn) remoteDispatchSecretGetValue,
+ .args_filter = (xdrproc_t) xdr_remote_secret_get_value_args,
+ .ret_filter = (xdrproc_t) xdr_remote_secret_get_value_ret,
+},
+{ /* SecretDelete => 144 */
+ .fn = (dispatch_fn) remoteDispatchSecretDelete,
+ .args_filter = (xdrproc_t) xdr_remote_secret_delete_args,
+ .ret_filter = (xdrproc_t) xdr_void,
+},
+{ /* SecretNumOfSecrets => 145 */
+ .fn = (dispatch_fn) remoteDispatchSecretNumOfSecrets,
+ .args_filter = (xdrproc_t) xdr_void,
+ .ret_filter = (xdrproc_t) xdr_remote_secret_num_of_secrets_ret,
+},
+{ /* SecretListSecrets => 146 */
+ .fn = (dispatch_fn) remoteDispatchSecretListSecrets,
+ .args_filter = (xdrproc_t) xdr_remote_secret_list_secrets_args,
+ .ret_filter = (xdrproc_t) xdr_remote_secret_list_secrets_ret,
+},
diff --git a/qemud/remote_protocol.c b/qemud/remote_protocol.c
index 7b46096..519f4f2 100644
--- a/qemud/remote_protocol.c
+++ b/qemud/remote_protocol.c
@@ -2534,6 +2534,113 @@ xdr_remote_domain_xml_to_native_ret (XDR *xdrs,
remote_domain_xml_to_native_ret
}
bool_t
+xdr_remote_secret_allocate_id_ret (XDR *xdrs, remote_secret_allocate_id_ret *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_set_xml_args (XDR *xdrs, remote_secret_set_xml_args *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ if (!xdr_remote_nonnull_string (xdrs, &objp->xml))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_get_xml_args (XDR *xdrs, remote_secret_get_xml_args *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_get_xml_ret (XDR *xdrs, remote_secret_get_xml_ret *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->xml))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_set_value_args (XDR *xdrs, remote_secret_set_value_args *objp)
+{
+ char **objp_cpp0 = (char **) (void *) &objp->value.value_val;
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ if (!xdr_bytes (xdrs, objp_cpp0, (u_int *) &objp->value.value_len,
REMOTE_SECRET_VALUE_MAX))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_get_value_args (XDR *xdrs, remote_secret_get_value_args *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_get_value_ret (XDR *xdrs, remote_secret_get_value_ret *objp)
+{
+ char **objp_cpp0 = (char **) (void *) &objp->value.value_val;
+
+ if (!xdr_bytes (xdrs, objp_cpp0, (u_int *) &objp->value.value_len,
REMOTE_SECRET_VALUE_MAX))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_delete_args (XDR *xdrs, remote_secret_delete_args *objp)
+{
+
+ if (!xdr_remote_nonnull_string (xdrs, &objp->secretID))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_num_of_secrets_ret (XDR *xdrs, remote_secret_num_of_secrets_ret *objp)
+{
+
+ if (!xdr_int (xdrs, &objp->num))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_list_secrets_args (XDR *xdrs, remote_secret_list_secrets_args *objp)
+{
+
+ if (!xdr_int (xdrs, &objp->maxids))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
+xdr_remote_secret_list_secrets_ret (XDR *xdrs, remote_secret_list_secrets_ret *objp)
+{
+ char **objp_cpp0 = (char **) (void *) &objp->ids.ids_val;
+
+ if (!xdr_array (xdrs, objp_cpp0, (u_int *) &objp->ids.ids_len,
REMOTE_SECRET_ID_LIST_MAX,
+ sizeof (remote_nonnull_string), (xdrproc_t) xdr_remote_nonnull_string))
+ return FALSE;
+ return TRUE;
+}
+
+bool_t
xdr_remote_procedure (XDR *xdrs, remote_procedure *objp)
{
diff --git a/qemud/remote_protocol.h b/qemud/remote_protocol.h
index 2e5bc81..621a991 100644
--- a/qemud/remote_protocol.h
+++ b/qemud/remote_protocol.h
@@ -43,6 +43,8 @@ typedef remote_nonnull_string *remote_string;
#define REMOTE_SECURITY_MODEL_MAX VIR_SECURITY_MODEL_BUFLEN
#define REMOTE_SECURITY_LABEL_MAX VIR_SECURITY_LABEL_BUFLEN
#define REMOTE_SECURITY_DOI_MAX VIR_SECURITY_DOI_BUFLEN
+#define REMOTE_SECRET_VALUE_MAX 65536
+#define REMOTE_SECRET_ID_LIST_MAX 16384
typedef char remote_uuid[VIR_UUID_BUFLEN];
@@ -1427,6 +1429,72 @@ struct remote_domain_xml_to_native_ret {
remote_nonnull_string nativeConfig;
};
typedef struct remote_domain_xml_to_native_ret remote_domain_xml_to_native_ret;
+
+struct remote_secret_allocate_id_ret {
+ remote_nonnull_string secretID;
+};
+typedef struct remote_secret_allocate_id_ret remote_secret_allocate_id_ret;
+
+struct remote_secret_set_xml_args {
+ remote_nonnull_string secretID;
+ remote_nonnull_string xml;
+};
+typedef struct remote_secret_set_xml_args remote_secret_set_xml_args;
+
+struct remote_secret_get_xml_args {
+ remote_nonnull_string secretID;
+};
+typedef struct remote_secret_get_xml_args remote_secret_get_xml_args;
+
+struct remote_secret_get_xml_ret {
+ remote_nonnull_string xml;
+};
+typedef struct remote_secret_get_xml_ret remote_secret_get_xml_ret;
+
+struct remote_secret_set_value_args {
+ remote_nonnull_string secretID;
+ struct {
+ u_int value_len;
+ char *value_val;
+ } value;
+};
+typedef struct remote_secret_set_value_args remote_secret_set_value_args;
+
+struct remote_secret_get_value_args {
+ remote_nonnull_string secretID;
+};
+typedef struct remote_secret_get_value_args remote_secret_get_value_args;
+
+struct remote_secret_get_value_ret {
+ struct {
+ u_int value_len;
+ char *value_val;
+ } value;
+};
+typedef struct remote_secret_get_value_ret remote_secret_get_value_ret;
+
+struct remote_secret_delete_args {
+ remote_nonnull_string secretID;
+};
+typedef struct remote_secret_delete_args remote_secret_delete_args;
+
+struct remote_secret_num_of_secrets_ret {
+ int num;
+};
+typedef struct remote_secret_num_of_secrets_ret remote_secret_num_of_secrets_ret;
+
+struct remote_secret_list_secrets_args {
+ int maxids;
+};
+typedef struct remote_secret_list_secrets_args remote_secret_list_secrets_args;
+
+struct remote_secret_list_secrets_ret {
+ struct {
+ u_int ids_len;
+ remote_nonnull_string *ids_val;
+ } ids;
+};
+typedef struct remote_secret_list_secrets_ret remote_secret_list_secrets_ret;
#define REMOTE_PROGRAM 0x20008086
#define REMOTE_PROTOCOL_VERSION 1
@@ -1569,6 +1637,14 @@ enum remote_procedure {
REMOTE_PROC_DOMAIN_XML_TO_NATIVE = 136,
REMOTE_PROC_NUM_OF_DEFINED_INTERFACES = 137,
REMOTE_PROC_LIST_DEFINED_INTERFACES = 138,
+ REMOTE_PROC_SECRET_ALLOCATE_ID = 139,
+ REMOTE_PROC_SECRET_SET_XML = 140,
+ REMOTE_PROC_SECRET_GET_XML = 141,
+ REMOTE_PROC_SECRET_SET_VALUE = 142,
+ REMOTE_PROC_SECRET_GET_VALUE = 143,
+ REMOTE_PROC_SECRET_DELETE = 144,
+ REMOTE_PROC_SECRET_NUM_OF_SECRETS = 145,
+ REMOTE_PROC_SECRET_LIST_SECRETS = 146,
};
typedef enum remote_procedure remote_procedure;
@@ -1831,6 +1907,17 @@ extern bool_t xdr_remote_domain_xml_from_native_args (XDR *,
remote_domain_xml_
extern bool_t xdr_remote_domain_xml_from_native_ret (XDR *,
remote_domain_xml_from_native_ret*);
extern bool_t xdr_remote_domain_xml_to_native_args (XDR *,
remote_domain_xml_to_native_args*);
extern bool_t xdr_remote_domain_xml_to_native_ret (XDR *,
remote_domain_xml_to_native_ret*);
+extern bool_t xdr_remote_secret_allocate_id_ret (XDR *,
remote_secret_allocate_id_ret*);
+extern bool_t xdr_remote_secret_set_xml_args (XDR *, remote_secret_set_xml_args*);
+extern bool_t xdr_remote_secret_get_xml_args (XDR *, remote_secret_get_xml_args*);
+extern bool_t xdr_remote_secret_get_xml_ret (XDR *, remote_secret_get_xml_ret*);
+extern bool_t xdr_remote_secret_set_value_args (XDR *, remote_secret_set_value_args*);
+extern bool_t xdr_remote_secret_get_value_args (XDR *, remote_secret_get_value_args*);
+extern bool_t xdr_remote_secret_get_value_ret (XDR *, remote_secret_get_value_ret*);
+extern bool_t xdr_remote_secret_delete_args (XDR *, remote_secret_delete_args*);
+extern bool_t xdr_remote_secret_num_of_secrets_ret (XDR *,
remote_secret_num_of_secrets_ret*);
+extern bool_t xdr_remote_secret_list_secrets_args (XDR *,
remote_secret_list_secrets_args*);
+extern bool_t xdr_remote_secret_list_secrets_ret (XDR *,
remote_secret_list_secrets_ret*);
extern bool_t xdr_remote_procedure (XDR *, remote_procedure*);
extern bool_t xdr_remote_message_type (XDR *, remote_message_type*);
extern bool_t xdr_remote_message_status (XDR *, remote_message_status*);
@@ -2069,6 +2156,17 @@ extern bool_t xdr_remote_domain_xml_from_native_args ();
extern bool_t xdr_remote_domain_xml_from_native_ret ();
extern bool_t xdr_remote_domain_xml_to_native_args ();
extern bool_t xdr_remote_domain_xml_to_native_ret ();
+extern bool_t xdr_remote_secret_allocate_id_ret ();
+extern bool_t xdr_remote_secret_set_xml_args ();
+extern bool_t xdr_remote_secret_get_xml_args ();
+extern bool_t xdr_remote_secret_get_xml_ret ();
+extern bool_t xdr_remote_secret_set_value_args ();
+extern bool_t xdr_remote_secret_get_value_args ();
+extern bool_t xdr_remote_secret_get_value_ret ();
+extern bool_t xdr_remote_secret_delete_args ();
+extern bool_t xdr_remote_secret_num_of_secrets_ret ();
+extern bool_t xdr_remote_secret_list_secrets_args ();
+extern bool_t xdr_remote_secret_list_secrets_ret ();
extern bool_t xdr_remote_procedure ();
extern bool_t xdr_remote_message_type ();
extern bool_t xdr_remote_message_status ();
diff --git a/qemud/remote_protocol.x b/qemud/remote_protocol.x
index 8f9b6db..268a8b4 100644
--- a/qemud/remote_protocol.x
+++ b/qemud/remote_protocol.x
@@ -136,6 +136,16 @@ const REMOTE_SECURITY_LABEL_MAX = VIR_SECURITY_LABEL_BUFLEN;
*/
const REMOTE_SECURITY_DOI_MAX = VIR_SECURITY_DOI_BUFLEN;
+/*
+ * Maximum size of a secret value.
+ */
+const REMOTE_SECRET_VALUE_MAX = 65536;
+
+/*
+ * Upper limit on list of secrets.
+ */
+const REMOTE_SECRET_ID_LIST_MAX = 16384;
+
/* UUID. VIR_UUID_BUFLEN definition comes from libvirt.h */
typedef opaque remote_uuid[VIR_UUID_BUFLEN];
@@ -1266,6 +1276,52 @@ struct remote_domain_xml_to_native_ret {
};
+struct remote_secret_allocate_id_ret {
+ remote_nonnull_string secretID;
+};
+
+struct remote_secret_set_xml_args {
+ remote_nonnull_string secretID;
+ remote_nonnull_string xml;
+};
+
+struct remote_secret_get_xml_args {
+ remote_nonnull_string secretID;
+};
+
+struct remote_secret_get_xml_ret {
+ remote_nonnull_string xml;
+};
+
+struct remote_secret_set_value_args {
+ remote_nonnull_string secretID;
+ opaque value<REMOTE_SECRET_VALUE_MAX>;
+};
+
+struct remote_secret_get_value_args {
+ remote_nonnull_string secretID;
+};
+
+struct remote_secret_get_value_ret {
+ opaque value<REMOTE_SECRET_VALUE_MAX>;
+};
+
+struct remote_secret_delete_args {
+ remote_nonnull_string secretID;
+};
+
+struct remote_secret_num_of_secrets_ret {
+ int num;
+};
+
+struct remote_secret_list_secrets_args {
+ int maxids;
+};
+
+struct remote_secret_list_secrets_ret {
+ remote_nonnull_string ids<REMOTE_SECRET_ID_LIST_MAX>;
+};
+
/*----- Protocol. -----*/
/* Define the program number, protocol version and procedure numbers here. */
@@ -1424,7 +1480,16 @@ enum remote_procedure {
REMOTE_PROC_DOMAIN_XML_TO_NATIVE = 136,
REMOTE_PROC_NUM_OF_DEFINED_INTERFACES = 137,
- REMOTE_PROC_LIST_DEFINED_INTERFACES = 138
+ REMOTE_PROC_LIST_DEFINED_INTERFACES = 138,
+
+ REMOTE_PROC_SECRET_ALLOCATE_ID = 139,
+ REMOTE_PROC_SECRET_SET_XML = 140,
+ REMOTE_PROC_SECRET_GET_XML = 141,
+ REMOTE_PROC_SECRET_SET_VALUE = 142,
+ REMOTE_PROC_SECRET_GET_VALUE = 143,
+ REMOTE_PROC_SECRET_DELETE = 144,
+ REMOTE_PROC_SECRET_NUM_OF_SECRETS = 145,
+ REMOTE_PROC_SECRET_LIST_SECRETS = 146
};
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 05/20] Secret manipulation step 5: RPC client
---
src/datatypes.h | 1 +
src/remote_internal.c | 306 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 307 insertions(+), 0 deletions(-)
diff --git a/src/datatypes.h b/src/datatypes.h
index 58a6d32..d17253f 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -130,6 +130,7 @@ struct _virConnect {
void * interfacePrivateData;
void * storagePrivateData;
void * devMonPrivateData;
+ void * secretPrivateData;
/*
* The lock mutex must be acquired before accessing/changing
diff --git a/src/remote_internal.c b/src/remote_internal.c
index a58b768..3272e0d 100644
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -6319,6 +6319,297 @@ done:
return rv;
}
+static virDrvOpenStatus
+remoteSecretOpen (virConnectPtr conn,
+ virConnectAuthPtr auth,
+ int flags)
+{
+ if (inside_daemon)
+ return VIR_DRV_OPEN_DECLINED;
+
+ if (conn &&
+ conn->driver &&
+ STREQ (conn->driver->name, "remote")) {
+ struct private_data *priv;
+
+ /* If we're here, the remote driver is already
+ * in use due to a) a QEMU uri, or b) a remote
+ * URI. So we can re-use existing connection
+ */
+ priv = conn->privateData;
+ remoteDriverLock(priv);
+ priv->localUses++;
+ conn->secretPrivateData = priv;
+ remoteDriverUnlock(priv);
+ return VIR_DRV_OPEN_SUCCESS;
+ } else if (conn->networkDriver &&
+ STREQ (conn->networkDriver->name, "remote")) {
+ struct private_data *priv = conn->networkPrivateData;
+ remoteDriverLock(priv);
+ conn->secretPrivateData = priv;
+ priv->localUses++;
+ remoteDriverUnlock(priv);
+ return VIR_DRV_OPEN_SUCCESS;
+ } else {
+ /* Using a non-remote driver, so we need to open a
+ * new connection for secret APIs, forcing it to
+ * use the UNIX transport.
+ */
+ struct private_data *priv;
+ int ret;
+ ret = remoteOpenSecondaryDriver(conn,
+ auth,
+ flags,
+ &priv);
+ if (ret == VIR_DRV_OPEN_SUCCESS)
+ conn->secretPrivateData = priv;
+ return ret;
+ }
+}
+
+static int
+remoteSecretClose (virConnectPtr conn)
+{
+ int rv = 0;
+ struct private_data *priv = conn->secretPrivateData;
+
+ conn->secretPrivateData = NULL;
+ remoteDriverLock(priv);
+ priv->localUses--;
+ if (!priv->localUses) {
+ rv = doRemoteClose(conn, priv);
+ remoteDriverUnlock(priv);
+ virMutexDestroy(&priv->lock);
+ VIR_FREE(priv);
+ }
+ if (priv)
+ remoteDriverUnlock(priv);
+ return rv;
+}
+
+static char *
+remoteSecretAllocateID (virConnectPtr conn)
+{
+ char *rv = NULL;
+ remote_secret_allocate_id_ret ret;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ memset (&ret, 0, sizeof (ret));
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_ALLOCATE_ID,
+ (xdrproc_t) xdr_void, (char *) NULL,
+ (xdrproc_t) xdr_remote_secret_allocate_id_ret,
+ (char *) &ret) == -1)
+ goto done;
+
+ /* Caller frees this. */
+ rv = ret.secretID;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static int
+remoteSecretSetXML (virConnectPtr conn, const char *secret_id, const char *xml)
+{
+ int rv = -1;
+ remote_secret_set_xml_args args;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ args.secretID = (char *) secret_id;
+ args.xml = (char *) xml;
+
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_SET_XML,
+ (xdrproc_t) xdr_remote_secret_set_xml_args, (char *) &args,
+ (xdrproc_t) xdr_void, (char *) NULL) == -1)
+ goto done;
+
+ rv = 0;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static char *
+remoteSecretGetXML (virConnectPtr conn, const char *secret_id)
+{
+ char *rv = NULL;
+ remote_secret_get_xml_args args;
+ remote_secret_get_xml_ret ret;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ args.secretID = (char *) secret_id;
+
+ memset (&ret, 0, sizeof (ret));
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_GET_XML,
+ (xdrproc_t) xdr_remote_secret_get_xml_args, (char *) &args,
+ (xdrproc_t) xdr_remote_secret_get_xml_ret, (char *) &ret) == -1)
+ goto done;
+
+ /* Caller frees. */
+ rv = ret.xml;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static int
+remoteSecretSetValue (virConnectPtr conn, const char *secret_id,
+ const void *secret, size_t secret_size)
+{
+ int rv = -1;
+ remote_secret_set_value_args args;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ args.secretID = (char *) secret_id;
+ args.value.value_len = secret_size;
+ args.value.value_val = (char *) secret;
+
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_SET_VALUE,
+ (xdrproc_t) xdr_remote_secret_set_value_args, (char *) &args,
+ (xdrproc_t) xdr_void, (char *) NULL) == -1)
+ goto done;
+
+ rv = 0;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static void *
+remoteSecretGetValue (virConnectPtr conn, const char *secret_id,
+ size_t *secret_size,
+ /* If the call goes over a socket, it's not internal */
+ bool libvirt_internal_call ATTRIBUTE_UNUSED)
+{
+ void *rv = NULL;
+ remote_secret_get_value_args args;
+ remote_secret_get_value_ret ret;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ args.secretID = (char *) secret_id;
+
+ memset (&ret, 0, sizeof (ret));
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_GET_VALUE,
+ (xdrproc_t) xdr_remote_secret_get_value_args, (char *) &args,
+ (xdrproc_t) xdr_remote_secret_get_value_ret, (char *) &ret) == -1)
+ goto done;
+
+ *secret_size = ret.value.value_len;
+ rv = ret.value.value_val; /* Caller frees. */
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static int
+remoteSecretDelete (virConnectPtr conn, const char *secret_id)
+{
+ int rv = -1;
+ remote_secret_delete_args args;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ args.secretID = (char *) secret_id;
+
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_DELETE,
+ (xdrproc_t) xdr_remote_secret_delete_args, (char *) &args,
+ (xdrproc_t) xdr_void, (char *) NULL) == -1)
+ goto done;
+
+ rv = 0;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static int
+remoteSecretNumOfSecrets (virConnectPtr conn)
+{
+ int rv = -1;
+ remote_secret_num_of_secrets_ret ret;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock (priv);
+
+ memset (&ret, 0, sizeof (ret));
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_NUM_OF_SECRETS,
+ (xdrproc_t) xdr_void, (char *) NULL,
+ (xdrproc_t) xdr_remote_secret_num_of_secrets_ret,
+ (char *) &ret) == -1)
+ goto done;
+
+ rv = ret.num;
+
+done:
+ remoteDriverUnlock (priv);
+ return rv;
+}
+
+static int
+remoteSecretListSecrets (virConnectPtr conn, char **ids, int maxids)
+{
+ int rv = -1;
+ int i;
+ remote_secret_list_secrets_args args;
+ remote_secret_list_secrets_ret ret;
+ struct private_data *priv = conn->secretPrivateData;
+
+ remoteDriverLock(priv);
+
+ if (maxids > REMOTE_SECRET_ID_LIST_MAX) {
+ errorf (conn, VIR_ERR_RPC, _("too many remote secret IDs: %d >
%d"),
+ maxids, REMOTE_SECRET_ID_LIST_MAX);
+ goto done;
+ }
+ args.maxids = maxids;
+
+ memset (&ret, 0, sizeof ret);
+ if (call (conn, priv, 0, REMOTE_PROC_SECRET_LIST_SECRETS,
+ (xdrproc_t) xdr_remote_secret_list_secrets_args, (char *) &args,
+ (xdrproc_t) xdr_remote_secret_list_secrets_ret,
+ (char *) &ret) == -1)
+ goto done;
+
+ if (ret.ids.ids_len > maxids) {
+ errorf (conn, VIR_ERR_RPC, _("too many remote secret IDs: %d >
%d"),
+ ret.ids.ids_len, maxids);
+ goto cleanup;
+ }
+
+ /* This call is caller-frees. However xdr_free will free up both the
+ * names and the list of pointers, so we have to strdup the
+ * names here.
+ */
+ for (i = 0; i < ret.ids.ids_len; ++i)
+ ids[i] = strdup (ret.ids.ids_val[i]);
+
+ rv = ret.ids.ids_len;
+
+cleanup:
+ xdr_free ((xdrproc_t) xdr_remote_secret_list_secrets_ret, (char *) &ret);
+
+done:
+ remoteDriverUnlock(priv);
+ return rv;
+}
+
/*----------------------------------------------------------------------*/
@@ -7607,6 +7898,20 @@ static virStorageDriver storage_driver = {
.volGetPath = remoteStorageVolGetPath,
};
+static virSecretDriver secret_driver = {
+ .name = "remote",
+ .open = remoteSecretOpen,
+ .close = remoteSecretClose,
+ .allocateID = remoteSecretAllocateID,
+ .setXML = remoteSecretSetXML,
+ .getXML = remoteSecretGetXML,
+ .setValue = remoteSecretSetValue,
+ .getValue = remoteSecretGetValue,
+ .delete = remoteSecretDelete,
+ .numOfSecrets = remoteSecretNumOfSecrets,
+ .listSecrets = remoteSecretListSecrets
+};
+
static virDeviceMonitor dev_monitor = {
.name = "remote",
.open = remoteDevMonOpen,
@@ -7644,6 +7949,7 @@ remoteRegister (void)
if (virRegisterInterfaceDriver (&interface_driver) == -1) return -1;
if (virRegisterStorageDriver (&storage_driver) == -1) return -1;
if (virRegisterDeviceMonitor (&dev_monitor) == -1) return -1;
+ if (virRegisterSecretDriver (&secret_driver) == -1) return -1;
#ifdef WITH_LIBVIRTD
if (virRegisterStateDriver (&state_driver) == -1) return -1;
#endif
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 06/20] Secret manipulation step 6: RPC dispatcher
---
qemud/remote.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 149 insertions(+), 0 deletions(-)
diff --git a/qemud/remote.c b/qemud/remote.c
index d32d513..2ecf55b 100644
--- a/qemud/remote.c
+++ b/qemud/remote.c
@@ -4515,6 +4515,155 @@ error:
VIR_FREE(msg);
}
+static int
+remoteDispatchSecretAllocateId (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn,
+ remote_error *err,
+ void *args ATTRIBUTE_UNUSED,
+ remote_secret_allocate_id_ret *ret)
+{
+ char *secret_id;
+
+ secret_id = virSecretAllocateID (conn);
+ if (secret_id == NULL) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ ret->secretID = secret_id;
+ return 0;
+}
+
+static int
+remoteDispatchSecretDelete (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn,
+ remote_error *err, remote_secret_delete_args *args,
+ void *ret ATTRIBUTE_UNUSED)
+{
+ if (virSecretDelete (conn, args->secretID) < 0) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+remoteDispatchSecretGetValue (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ remote_secret_get_value_args *args,
+ remote_secret_get_value_ret *ret)
+{
+ size_t secret_size;
+ void *secret;
+
+ secret = virSecretGetValue (conn, args->secretID, &secret_size);
+ if (secret == NULL) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ ret->value.value_len = secret_size;
+ ret->value.value_val = secret;
+
+ return 0;
+}
+
+static int
+remoteDispatchSecretGetXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ remote_secret_get_xml_args *args,
+ remote_secret_get_xml_ret *ret)
+{
+ ret->xml = virSecretGetXML (conn, args->secretID);
+ if (ret->xml == NULL) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+ return 0;
+}
+
+static int
+remoteDispatchSecretListSecrets (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ remote_secret_list_secrets_args *args,
+ remote_secret_list_secrets_ret *ret)
+{
+ if (args->maxids > REMOTE_SECRET_ID_LIST_MAX) {
+ remoteDispatchFormatError (err, "%s",
+ _("maxids >
REMOTE_SECRET_ID_LIST_MAX"));
+ return -1;
+ }
+
+ if (VIR_ALLOC_N (ret->ids.ids_val, args->maxids) < 0) {
+ remoteDispatchOOMError (err);
+ return -1;
+ }
+
+ ret->ids.ids_len = virSecretListSecrets (conn, ret->ids.ids_val,
+ args->maxids);
+ if (ret->ids.ids_len == -1) {
+ VIR_FREE (ret->ids.ids_val);
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+remoteDispatchSecretNumOfSecrets (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ void *args ATTRIBUTE_UNUSED,
+ remote_secret_num_of_secrets_ret *ret)
+{
+ ret->num = virSecretNumOfSecrets (conn);
+ if (ret->num == -1) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+remoteDispatchSecretSetValue (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ remote_secret_set_value_args *args,
+ void *ret ATTRIBUTE_UNUSED)
+{
+ if (virSecretSetValue (conn, args->secretID, args->value.value_val,
+ args->value.value_len) < 0) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+remoteDispatchSecretSetXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn, remote_error *err,
+ remote_secret_set_xml_args *args,
+ void *ret ATTRIBUTE_UNUSED)
+{
+ if (virSecretSetXML (conn, args->secretID, args->xml) < 0) {
+ remoteDispatchConnError (err, conn);
+ return -1;
+ }
+
+ return 0;
+}
+
+
/*----- Helpers. -----*/
/* get_nonnull_domain and get_nonnull_network turn an on-wire
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 07/20] Secret manipulation step 7: Local driver
This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
---
include/libvirt/virterror.h | 1 +
po/POTFILES.in | 1 +
qemud/qemud.c | 3 +
src/Makefile.am | 14 +
src/libvirt_private.syms | 2 +
src/secret_driver.c | 1077 +++++++++++++++++++++++++++++++++++++++++++
src/secret_driver.h | 28 ++
src/test.c | 21 +
src/virterror.c | 6 +
9 files changed, 1153 insertions(+), 0 deletions(-)
create mode 100644 src/secret_driver.c
create mode 100644 src/secret_driver.h
diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h
index 64e0143..fc24251 100644
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -168,6 +168,7 @@ typedef enum {
VIR_ERR_INVALID_INTERFACE, /* invalid interface object */
VIR_ERR_MULTIPLE_INTERFACES, /* more than one matching interface found */
VIR_WAR_NO_SECRET, /* failed to start secret storage */
+ VIR_ERR_NO_SECRET, /* secret not found */
} virErrorNumber;
/**
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 141f58b..cf0ec8d 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -29,6 +29,7 @@ src/proxy_internal.c
src/qemu_conf.c
src/qemu_driver.c
src/remote_internal.c
+src/secret_driver.c
src/security.c
src/security_selinux.c
src/storage_backend.c
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 3e551ca..01426da 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -92,6 +92,7 @@
#ifdef WITH_NODE_DEVICES
#include "node_device.h"
#endif
+#include "secret_driver.h"
#endif
@@ -819,6 +820,7 @@ static struct qemud_server *qemudInitialize(int sigread) {
virDriverLoadModule("network");
virDriverLoadModule("storage");
virDriverLoadModule("nodedev");
+ virDriverLoadModule("secret");
virDriverLoadModule("qemu");
virDriverLoadModule("lxc");
virDriverLoadModule("uml");
@@ -837,6 +839,7 @@ static struct qemud_server *qemudInitialize(int sigread) {
(defined(HAVE_HAL) || defined(HAVE_DEVKIT))
nodedevRegister();
#endif
+ secretRegister();
#ifdef WITH_QEMU
qemuRegister();
#endif
diff --git a/src/Makefile.am b/src/Makefile.am
index 9567490..ce33695 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -176,6 +176,9 @@ NETWORK_DRIVER_SOURCES = \
INTERFACE_DRIVER_SOURCES = \
interface_driver.h interface_driver.c
+SECRET_DRIVER_SOURCES = \
+ secret_driver.h secret_driver.c
+
# Storage backend specific impls
STORAGE_DRIVER_SOURCES = \
storage_driver.h storage_driver.c \
@@ -448,6 +451,17 @@ endif
libvirt_driver_interface_la_SOURCES = $(INTERFACE_DRIVER_SOURCES)
endif
+if WITH_DRIVER_MODULES
+mod_LTLIBRARIES += libvirt_driver_secret.la
+else
+noinst_LTLIBRARIES += libvirt_driver_secret.la
+libvirt_la_LIBADD += libvirt_driver_secret.la
+endif
+if WITH_DRIVER_MODULES
+libvirt_driver_secret_la_LDFLAGS = -module -avoid-version
+endif
+libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
# Needed to keep automake quiet about conditionals
libvirt_driver_storage_la_SOURCES =
if WITH_STORAGE_DIR
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index bd63692..343a71e 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -285,6 +285,8 @@ qparam_get_query;
qparam_query_parse;
free_qparam_set;
+# secret.h
+secretRegister;
# security.h
virSecurityDriverVerify;
diff --git a/src/secret_driver.c b/src/secret_driver.c
new file mode 100644
index 0000000..07e4642
--- /dev/null
+++ b/src/secret_driver.c
@@ -0,0 +1,1077 @@
+/*
+ * secret_driver.c: local driver for secret manipulation API
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Red Hat Author: Miloslav Trmač <mitr(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include <fcntl.h>
+#include <stdbool.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "internal.h"
+#include "base64.h"
+#include "buf.h"
+#include "datatypes.h"
+#include "driver.h"
+#include "memory.h"
+#include "secret_driver.h"
+#include "threads.h"
+#include "util.h"
+#include "uuid.h"
+#include "virterror_internal.h"
+#include "xml.h"
+
+#define VIR_FROM_THIS VIR_FROM_SECRET
+
+#define virSecretReportError(conn, code, fmt...) \
+ virReportErrorHelper(conn, VIR_FROM_SECRET, code, __FILE__, \
+ __FUNCTION__, __LINE__, fmt)
+
+#define secretLog(msg...) fprintf(stderr, msg)
+
+typedef struct _virSecret virSecret;
+typedef virSecret *virSecretPtr;
+struct _virSecret {
+ virSecretPtr next;
+ char *id; /* We generate UUIDs, but don't restrict user-chosen IDs */
+ void *value; /* May be NULL */
+ size_t value_size;
+ unsigned ephemeral : 1;
+ unsigned private : 1;
+ char *description, *volume; /* May be NULL */
+};
+
+typedef struct _virSecretDriverState virSecretDriverState;
+typedef virSecretDriverState *virSecretDriverStatePtr;
+struct _virSecretDriverState {
+ virMutex lock;
+ virSecret *secrets;
+ char *filename;
+};
+
+static virSecretDriverStatePtr driverState;
+
+static void
+secretDriverLock(virSecretDriverStatePtr driver)
+{
+ virMutexLock(&driver->lock);
+}
+
+static void
+secretDriverUnlock(virSecretDriverStatePtr driver)
+{
+ virMutexUnlock(&driver->lock);
+}
+
+static virSecretPtr
+listUnlink(virSecretPtr *pptr)
+{
+ virSecretPtr secret;
+
+ secret = *pptr;
+ *pptr = secret->next;
+ return secret;
+}
+
+static void
+listInsert(virSecretPtr *pptr, virSecretPtr secret)
+{
+ secret->next = *pptr;
+ *pptr = secret;
+}
+
+static void
+secretFree(virSecretPtr secret)
+{
+ if (secret == NULL)
+ return;
+
+ VIR_FREE(secret->id);
+ if (secret->value != NULL) {
+ memset(secret->value, 0, secret->value_size);
+ VIR_FREE(secret->value);
+ }
+ VIR_FREE(secret->description);
+ VIR_FREE(secret->volume);
+ VIR_FREE(secret);
+}
+
+static virSecretPtr *
+secretFind(virSecretDriverStatePtr driver, const char *secret_id)
+{
+ virSecretPtr *pptr, s;
+
+ for (pptr = &driver->secrets; (s = *pptr) != NULL; pptr = &s->next) {
+ if (STREQ(s->id, secret_id))
+ return pptr;
+ }
+ return NULL;
+}
+
+static virSecretPtr
+secretCreate(virConnectPtr conn, virSecretDriverStatePtr driver,
+ const char *secret_id)
+{
+ virSecretPtr secret = NULL;
+
+ if (VIR_ALLOC(secret) < 0)
+ goto no_memory;
+ secret->id = strdup(secret_id);
+ if (secret->id == NULL)
+ goto no_memory;
+ listInsert(&driver->secrets, secret);
+ return secret;
+
+ no_memory:
+ virReportOOMError(conn);
+ secretFree(secret);
+ return NULL;
+}
+
+static virSecretPtr
+secretFindOrCreate(virConnectPtr conn, virSecretDriverStatePtr driver,
+ const char *secret_id, bool *created_new)
+{
+ virSecretPtr *pptr, secret;
+
+ pptr = secretFind(driver, secret_id);
+ if (pptr != NULL) {
+ if (created_new != NULL)
+ *created_new = false;
+ return *pptr;
+ }
+
+ secret = secretCreate(conn, driver, secret_id);
+ if (secret != NULL && created_new != NULL)
+ *created_new = true;
+ return secret;
+}
+
+/* The secret storage file format is intentionally simplistic, in order to
+ minimize the number of copies of unencrypted secrets in memory. */
+
+static int
+writeString(virConnectPtr conn, int fd, const char *s)
+{
+ int ret;
+
+ ret = safewrite(fd, s, strlen(s));
+ if (ret < 0)
+ virReportSystemError (conn, errno, "%s",
+ _("cannot write secrets file"));
+ return ret;
+}
+
+static int
+writeBase64Data(virConnectPtr conn, int fd, const char *field,
+ const void *data, size_t size)
+{
+ int ret = -1;
+ char *base64 = NULL;
+
+ if (writeString(conn, fd, field) < 0 || writeString(conn, fd, " ") <
0)
+ goto cleanup;
+
+ base64_encode_alloc(data, size, &base64);
+ if (base64 == NULL) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ if (writeString(conn, fd, base64) < 0 || writeString(conn, fd, "\n")
< 0)
+ goto cleanup;
+ ret = 0;
+
+ cleanup:
+ VIR_FREE(base64);
+ return ret;
+}
+
+static int
+writeSecret(virConnectPtr conn, int fd, const virSecret *secret)
+{
+ const char *s;
+
+ if (writeBase64Data(conn, fd, "id", secret->id, strlen(secret->id))
< 0)
+ return -1;
+
+ if (secret->ephemeral)
+ s = "ephemeral yes\n";
+ else
+ s = "ephemeral no\n";
+ if (writeString(conn, fd, s) < 0)
+ return -1;
+
+ if (secret->private)
+ s = "private yes\n";
+ else
+ s = "private no\n";
+ if (writeString(conn, fd, s) < 0)
+ return -1;
+
+ if (secret->value != NULL &&
+ writeBase64Data(conn, fd, "value", secret->value,
+ secret->value_size) < 0)
+ return -1;
+ if (secret->description != NULL &&
+ writeBase64Data(conn, fd, "description", secret->description,
+ strlen(secret->description)) < 0)
+ return -1;
+ if (secret->volume != NULL &&
+ writeBase64Data(conn, fd, "volume", secret->volume,
+ strlen(secret->volume)) < 0)
+ return -1;
+
+ return 0;
+}
+
+static int
+saveSecrets(virConnectPtr conn, virSecretDriverStatePtr driver)
+{
+ const virSecret *secret;
+ char *tmp_path = NULL;
+ int fd = -1, ret = -1;
+
+ if (virAsprintf(&tmp_path, "%sXXXXXX", driver->filename) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ fd = mkstemp (tmp_path);
+ if (fd == -1) {
+ virReportSystemError (conn, errno, _("mkstemp(\"%s\")
failed"),
+ tmp_path);
+ goto cleanup;
+ }
+
+ for (secret = driver->secrets; secret != NULL; secret = secret->next) {
+ if (!secret->ephemeral && writeSecret(conn, fd, secret) < 0)
+ goto cleanup;
+ }
+ close(fd);
+ fd = -1;
+ if (rename(tmp_path, driver->filename) < 0) {
+ virReportSystemError (conn, errno, _("rename(%s, %s) failed"),
+ tmp_path, driver->filename);
+ goto cleanup;
+ }
+ tmp_path = NULL;
+ ret = 0;
+
+ cleanup:
+ if (fd != -1)
+ close(fd);
+ if (tmp_path != NULL) {
+ unlink(tmp_path);
+ VIR_FREE(tmp_path);
+ }
+ return ret;
+}
+
+static int
+parseBase64String(virConnectPtr conn, const char *base64, char **string)
+{
+ char *tmp;
+ size_t size;
+
+ if (!base64_decode_alloc(base64, strlen(base64), &tmp, &size)) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid format of base64 in secret
storage"));
+ return -1;
+ }
+ if (tmp == NULL || VIR_ALLOC_N(*string, size + 1) < 0) {
+ virReportOOMError(conn);
+ return -1;
+ }
+
+ memcpy(*string, tmp, size);
+ (*string)[size] = '\0';
+ return 0;
+}
+
+static int
+parseKeyValue(virConnectPtr conn, virSecretPtr *list, virSecretPtr *secret,
+ const char *key, const char *value)
+{
+ virSecretPtr s;
+
+ s = *secret;
+ if (s == NULL) {
+ if (VIR_ALLOC(s) < 0)
+ goto no_memory;
+ *secret = s;
+ }
+ if (STREQ(key, "id")) {
+ if (s->id != NULL) {
+ listInsert(list, s);
+ if (VIR_ALLOC(s) < 0)
+ goto no_memory;
+ *secret = s;
+ }
+ if (parseBase64String(conn, value, &s->id) < 0)
+ return -1;
+ } else if (STREQ(key, "ephemeral")) {
+ if (STREQ(value, "yes"))
+ s->ephemeral = 1;
+ else if (STREQ(value, "no"))
+ s->ephemeral = 0;
+ else
+ goto invalid;
+ } else if (STREQ(key, "private")) {
+ if (STREQ(value, "yes"))
+ s->private = 1;
+ else if (STREQ(value, "no"))
+ s->private = 0;
+ else
+ goto invalid;
+ } else if (STREQ(key, "value")) {
+ char *raw;
+
+ if (s->value != NULL)
+ return -1;
+ if (!base64_decode_alloc(value, strlen(value), &raw, &s->value_size))
+ goto invalid;
+ if (raw == NULL)
+ goto no_memory;
+ s->value = raw;
+ } else if (STREQ(key, "description")) {
+ if (s->description != NULL)
+ goto invalid;
+ if (parseBase64String(conn, value, &s->description) < 0)
+ return -1;
+ } else if (STREQ(key, "volume")) {
+ if (s->volume != NULL)
+ goto invalid;
+ if (parseBase64String(conn, value, &s->volume) < 0)
+ return -1;
+ } else
+ goto invalid;
+
+ return 0;
+
+ invalid:
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid format of secret storage"));
+ return -1;
+
+ no_memory:
+ virReportOOMError(conn);
+ return -1;
+}
+
+static int
+loadSecrets(virConnectPtr conn, virSecretDriverStatePtr driver,
+ virSecretPtr *dest)
+{
+ int ret = -1, fd = -1;
+ struct stat st;
+ char *contents = NULL, *strtok_data = NULL, *strtok_first;
+ const char *key, *value;
+ virSecretPtr secret = NULL, list = NULL;
+
+ if (stat(driver->filename, &st) < 0) {
+ if (errno == ENOENT)
+ return 0;
+ virReportSystemError (conn, errno, _("cannot stat '%s'"),
+ driver->filename);
+ goto cleanup;
+ }
+ if ((size_t)st.st_size != st.st_size || (size_t)(st.st_size + 1) == 0) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("secrets file does not fit in memory"));
+ goto cleanup;
+ }
+
+ fd = open(driver->filename, O_RDONLY);
+ if (fd == -1) {
+ virReportSystemError (conn, errno, _("cannot open '%s'"),
+ driver->filename);
+ goto cleanup;
+ }
+ if (VIR_ALLOC_N(contents, st.st_size + 1) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ if (saferead(fd, contents, st.st_size) != st.st_size) {
+ virReportSystemError (conn, errno, _("cannot read '%s'"),
+ driver->filename);
+ goto cleanup;
+ }
+ close(fd);
+ fd = -1;
+
+ strtok_first = contents;
+ while ((key = strtok_r(strtok_first, " ", &strtok_data)) != NULL) {
+ strtok_first = NULL;
+ value = strtok_r(strtok_first, "\n", &strtok_data);
+ if (value == NULL) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid format of secret storage"));
+ goto cleanup;
+ }
+ if (parseKeyValue(conn, &list, &secret, key, value) < 0)
+ goto cleanup;
+ }
+ if (secret != NULL) {
+ if (secret->id == NULL) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid format of secret storage"));
+ goto cleanup;
+ }
+ listInsert(&list, secret);
+ }
+
+ /* The secrets were collected into "list" in reverse order. This happens
+ to reverse the order again, preserving the original order of secrets
+ in the file. */
+ while (list != NULL) {
+ secret = listUnlink(&list);
+ listInsert(dest, secret);
+ }
+ secret = NULL;
+
+ ret = 0;
+ goto cleanup;
+
+
+ cleanup:
+ secretFree(secret);
+ while (list != NULL) {
+ secret = listUnlink(&list);
+ secretFree(secret);
+ }
+ if (fd != -1)
+ close(fd);
+ if (contents != NULL) {
+ memset(contents, 0, st.st_size);
+ VIR_FREE(contents);
+ }
+ return ret;
+}
+
+static virSecretPtr
+secretXMLParseNode(virConnectPtr conn, xmlDocPtr xml, xmlNodePtr root)
+{
+ xmlXPathContextPtr ctxt = NULL;
+ virSecretPtr secret, ret = NULL;
+ char *prop;
+
+ if (!xmlStrEqual(root->name, BAD_CAST "secret")) {
+ virSecretReportError(conn, VIR_ERR_XML_ERROR, "%s",
+ _("incorrect root element"));
+ goto cleanup;
+ }
+
+ ctxt = xmlXPathNewContext(xml);
+ if (ctxt == NULL) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ ctxt->node = root;
+
+ if (VIR_ALLOC(secret) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
+ prop = virXPathString(conn, "string(./@ephemeral)", ctxt);
+ if (prop != NULL && STREQ(prop, "yes"))
+ secret->ephemeral = 1;
+ VIR_FREE(prop);
+
+ prop = virXPathString(conn, "string(./@private)", ctxt);
+ if (prop != NULL && STREQ(prop, "yes"))
+ secret->private = 1;
+ VIR_FREE(prop);
+
+ secret->description = virXPathString(conn, "string(./description)",
ctxt);
+ secret->volume = virXPathString(conn, "string(./volume)", ctxt);
+
+ ret = secret;
+ secret = NULL;
+
+ cleanup:
+ secretFree(secret);
+ xmlXPathFreeContext(ctxt);
+ return ret;
+}
+
+/* Called from SAX on parsing errors in the XML. */
+static void
+catchXMLError(void *ctx, const char *msg ATTRIBUTE_UNUSED, ...)
+{
+ xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
+
+ if (ctxt) {
+ virConnectPtr conn = ctxt->_private;
+
+ if (virGetLastError() == NULL &&
+ ctxt->lastError.level == XML_ERR_FATAL &&
+ ctxt->lastError.message != NULL) {
+ virSecretReportError(conn, VIR_ERR_XML_DETAIL, _("at line %d:
%s"),
+ ctxt->lastError.line, ctxt->lastError.message);
+ }
+ }
+}
+
+static virSecretPtr
+secretXMLParseString(virConnectPtr conn, const char *xmlStr)
+{
+ xmlParserCtxtPtr pctxt;
+ xmlDocPtr xml = NULL;
+ xmlNodePtr root;
+ virSecretPtr ret = NULL;
+
+ pctxt = xmlNewParserCtxt();
+ if (pctxt == NULL || pctxt->sax == NULL)
+ goto cleanup;
+ pctxt->sax->error = catchXMLError;
+ pctxt->_private = conn;
+
+ xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, "secret.xml", NULL,
+ XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NOWARNING);
+ if (xml == NULL) {
+ if (conn->err.code == VIR_ERR_NONE)
+ virSecretReportError(conn, VIR_ERR_XML_ERROR, "%s",
+ _("failed to parse xml document"));
+ goto cleanup;
+ }
+
+ root = xmlDocGetRootElement(xml);
+ if (root == NULL) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("missing root element"));
+ goto cleanup;
+ }
+
+ ret = secretXMLParseNode(conn, xml, root);
+
+ cleanup:
+ xmlFreeDoc(xml);
+ xmlFreeParserCtxt(pctxt);
+ return ret;
+}
+
+static char *
+secretXMLFormat(virConnectPtr conn, const virSecret *secret)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *tmp;
+
+ virBufferVSprintf(&buf, "<secret ephemeral='%s'
private='%s'>\n",
+ secret->ephemeral ? "yes" : "no",
+ secret->private ? "yes" : "no");
+ if (secret->description != NULL)
+ virBufferEscapeString(&buf, "
<description>%s</description>\n",
+ secret->description);
+ if (secret->volume != NULL)
+ virBufferEscapeString(&buf, " <volume>%s</volume>\n",
secret->volume);
+ virBufferAddLit(&buf, "</secret>\n");
+
+ if (virBufferError(&buf))
+ goto no_memory;
+
+ return virBufferContentAndReset(&buf);
+
+ no_memory:
+ virReportOOMError(conn);
+ tmp = virBufferContentAndReset(&buf);
+ VIR_FREE(tmp);
+ return NULL;
+}
+
+static virDrvOpenStatus
+secretOpen(virConnectPtr conn, virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ int flags ATTRIBUTE_UNUSED) {
+ if (driverState == NULL)
+ return VIR_DRV_OPEN_DECLINED;
+
+ conn->secretPrivateData = driverState;
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int
+secretClose(virConnectPtr conn) {
+ conn->secretPrivateData = NULL;
+ return 0;
+}
+
+static char *
+secretAllocateID(virConnectPtr conn)
+{
+ char *secret_id, *ret = NULL;
+ unsigned attempt;
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+
+ if (VIR_ALLOC_N(secret_id, VIR_UUID_STRING_BUFLEN) < 0) {
+ virReportOOMError(conn);
+ return NULL;
+ }
+
+ secretDriverLock(driver);
+
+ for (attempt = 0; attempt < 65536; attempt++) {
+ unsigned char uuid[VIR_UUID_BUFLEN];
+
+ if (virUUIDGenerate(uuid) < 0) {
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("unable to generate uuid"));
+ goto cleanup;
+ }
+ virUUIDFormat(uuid, secret_id);
+ if (secretFind(driver, secret_id) == NULL) {
+ virSecretPtr s;
+
+ s = secretCreate(conn, driver, secret_id);
+ if (s != NULL) {
+ ret = secret_id;
+ secret_id = NULL;
+ }
+ goto cleanup;
+ }
+ }
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("too many conflicts when generating an uuid"));
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ VIR_FREE(secret_id);
+ return ret;
+}
+
+static void
+shallowCopyAttributes(virSecretPtr dest, const virSecret *src)
+{
+ dest->ephemeral = src->ephemeral;
+ dest->private = src->private;
+ dest->description = src->description;
+ dest->volume = src->volume;
+}
+
+static int
+secretSetXML(virConnectPtr conn, const char *secret_id, const char *xml)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ int ret = -1;
+ virSecret backup;
+ virSecretPtr secret, new_attrs;
+ bool secret_is_new;
+
+ new_attrs = secretXMLParseString(conn, xml);
+ if (new_attrs == NULL)
+ return -1;
+
+ secretDriverLock(driver);
+
+ secret = secretFindOrCreate(conn, driver, secret_id, &secret_is_new);
+ if (secret == NULL)
+ goto cleanup;
+
+ /* Save old values of the attributes */
+ shallowCopyAttributes(&backup, secret);
+
+ if (backup.private && !new_attrs->private) {
+ virSecretReportError(conn, VIR_ERR_OPERATION_DENIED, "%s",
+ virErrorMsg(VIR_ERR_OPERATION_DENIED, NULL));
+ goto cleanup;
+ }
+
+ shallowCopyAttributes(secret, new_attrs);
+ if (!new_attrs->ephemeral || !backup.ephemeral) {
+ if (saveSecrets(conn, driver) < 0)
+ goto restore_backup;
+ }
+ /* Saved succesfully - drop old values */
+ new_attrs = NULL;
+ VIR_FREE(backup.description);
+ VIR_FREE(backup.volume);
+
+ ret = 0;
+ goto cleanup;
+
+ restore_backup:
+ /* Error - restore previous state and free new attributes */
+ shallowCopyAttributes(secret, &backup);
+ if (secret_is_new) {
+ /* "secret" was added to the head of the list above */
+ if (listUnlink(&driverState->secrets) != secret)
+ /* abort() instead? */
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("list of secrets is inconsistent"));
+ else
+ secretFree(secret);
+ }
+
+ cleanup:
+ secretFree(new_attrs);
+ secretDriverUnlock(driver);
+
+ return ret;
+}
+
+static char *
+secretGetXML(virConnectPtr conn, const char *secret_id)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ char *ret = NULL;
+ virSecretPtr *pptr;
+
+ secretDriverLock(driver);
+
+ pptr = secretFind(driver, secret_id);
+ if (pptr == NULL) {
+ virSecretReportError(conn, VIR_ERR_NO_SECRET,
+ _("no secret with matching id '%s'"),
secret_id);
+ goto cleanup;
+ }
+
+ ret = secretXMLFormat(conn, *pptr);
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ return ret;
+}
+
+static int
+secretSetValue(virConnectPtr conn, const char *secret_id, const void *value,
+ size_t value_size)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ int ret = -1;
+ void *old_value;
+ unsigned char *new_value;
+ size_t old_value_size;
+ virSecretPtr secret;
+ bool secret_is_new;
+
+ if (VIR_ALLOC_N(new_value, value_size) < 0) {
+ virReportOOMError(conn);
+ return -1;
+ }
+
+ secretDriverLock(driver);
+
+ secret = secretFindOrCreate(conn, driver, secret_id, &secret_is_new);
+ if (secret == NULL)
+ goto cleanup;
+
+ old_value = secret->value;
+ old_value_size = secret->value_size;
+
+ memcpy(new_value, value, value_size);
+ secret->value = new_value;
+ secret->value_size = value_size;
+ if (!secret->ephemeral) {
+ if (saveSecrets(conn, driver) < 0)
+ goto restore_backup;
+ }
+ /* Saved succesfully - drop old value */
+ if (old_value != NULL) {
+ memset(old_value, 0, old_value_size);
+ VIR_FREE(old_value);
+ }
+ new_value = NULL;
+
+ ret = 0;
+ goto cleanup;
+
+ restore_backup:
+ /* Error - restore previous state and free new value */
+ secret->value = old_value;
+ secret->value_size = old_value_size;
+ memset(new_value, 0, value_size);
+ if (secret_is_new) {
+ /* "secret" was added to the head of the list above */
+ if (listUnlink(&driverState->secrets) != secret)
+ /* abort() instead? */
+ virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("list of secrets is inconsistent"));
+ else
+ secretFree(secret);
+ }
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ VIR_FREE(new_value);
+
+ return ret;
+}
+
+static void *
+secretGetValue(virConnectPtr conn, const char *secret_id, size_t *secret_size,
+ bool libvirt_internal_call)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ unsigned char *ret = NULL;
+ virSecretPtr *pptr, secret;
+
+ secretDriverLock(driver);
+
+ pptr = secretFind(driver, secret_id);
+ if (pptr == NULL || (*pptr)->value == NULL) {
+ virSecretReportError(conn, VIR_ERR_NO_SECRET,
+ _("no secret with matching id '%s'"),
secret_id);
+ goto cleanup;
+ }
+ secret = *pptr;
+
+ if (!libvirt_internal_call && secret->private) {
+ virSecretReportError(conn, VIR_ERR_OPERATION_DENIED, "%s",
+ virErrorMsg(VIR_ERR_OPERATION_DENIED, NULL));
+ goto cleanup;
+ }
+
+ if (VIR_ALLOC_N(ret, secret->value_size) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ memcpy(ret, secret->value, secret->value_size);
+ *secret_size = secret->value_size;
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ return ret;
+}
+
+static int
+secretDelete(virConnectPtr conn, const char *secret_id)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ int ret = -1;
+ virSecretPtr *pptr, secret;
+
+ secretDriverLock(driver);
+
+ pptr = secretFind(driver, secret_id);
+ if (pptr == NULL) {
+ virSecretReportError(conn, VIR_ERR_NO_SECRET,
+ _("no secret with matching id '%s'"),
secret_id);
+ goto cleanup;
+ }
+
+ secret = listUnlink(pptr);
+ if (!secret->ephemeral) {
+ if (saveSecrets(conn, driver) < 0)
+ goto restore_backup;
+ }
+ secretFree(secret);
+
+ ret = 0;
+ goto cleanup;
+
+ restore_backup:
+ /* This may change the order of secrets in the list. We don't care. */
+ listInsert(&driver->secrets, secret);
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ return ret;
+}
+
+static int
+secretNumOfSecrets(virConnectPtr conn)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ int i;
+ virSecretPtr secret;
+
+ secretDriverLock(driver);
+
+ i = 0;
+ for (secret = driver->secrets; secret != NULL; secret = secret->next)
+ i++;
+
+ secretDriverUnlock(driver);
+ return i;
+}
+
+static int
+secretListSecrets(virConnectPtr conn, char **ids, int maxids)
+{
+ virSecretDriverStatePtr driver = conn->secretPrivateData;
+ int i;
+ virSecretPtr secret;
+
+ memset(ids, 0, maxids * sizeof(*ids));
+
+ secretDriverLock(driver);
+
+ i = 0;
+ for (secret = driver->secrets; secret != NULL; secret = secret->next) {
+ if (i == maxids)
+ break;
+ ids[i] = strdup(secret->id);
+ if (ids[i] == NULL)
+ goto cleanup;
+ i++;
+ }
+
+ secretDriverUnlock(driver);
+ return i;
+
+ cleanup:
+ secretDriverUnlock(driver);
+
+ for (i = 0; i < maxids; i++)
+ VIR_FREE(ids[i]);
+
+ return -1;
+}
+
+static int
+secretDriverCleanup(void)
+{
+ if (driverState == NULL)
+ return -1;
+
+ secretDriverLock(driverState);
+
+ while (driverState->secrets != NULL) {
+ virSecretPtr s;
+
+ s = listUnlink(&driverState->secrets);
+ secretFree(s);
+ }
+ VIR_FREE(driverState->filename);
+
+ secretDriverUnlock(driverState);
+ virMutexDestroy(&driverState->lock);
+ VIR_FREE(driverState);
+
+ return 0;
+}
+
+static int
+secretDriverStartup(int privileged)
+{
+ char *base = NULL;
+
+ if (VIR_ALLOC(driverState) < 0)
+ return -1;
+
+ if (virMutexInit(&driverState->lock) < 0) {
+ VIR_FREE(driverState);
+ return -1;
+ }
+ secretDriverLock(driverState);
+
+ if (privileged) {
+ base = strdup(SYSCONF_DIR "/libvirt");
+ if (base == NULL)
+ goto out_of_memory;
+ } else {
+ uid_t uid = geteuid();
+ char *userdir = virGetUserDirectory(NULL, uid);
+
+ if (!userdir)
+ goto error;
+
+ if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
+ secretLog("out of memory in virAsprintf");
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+ VIR_FREE(userdir);
+ }
+ if (virAsprintf(&driverState->filename, "%s/secrets", base) == -1)
+ goto out_of_memory;
+ VIR_FREE(base);
+
+ if (loadSecrets(NULL, driverState, &driverState->secrets) < 0)
+ goto error;
+
+ secretDriverUnlock(driverState);
+ return 0;
+
+ out_of_memory:
+ secretLog("virSecretStartup: out of memory");
+ error:
+ VIR_FREE(base);
+ secretDriverUnlock(driverState);
+ secretDriverCleanup();
+ return -1;
+}
+
+static int
+secretDriverReload(void)
+{
+ virSecretPtr new_secrets = NULL;
+
+ if (!driverState)
+ return -1;
+
+ secretDriverLock(driverState);
+
+ if (loadSecrets(NULL, driverState, &new_secrets) < 0)
+ goto end;
+
+ /* Keep ephemeral secrets from current state. Discard non-ephemeral secrets
+ that were removed by the secrets file. */
+ while (driverState->secrets != NULL) {
+ virSecretPtr s;
+
+ s = listUnlink(&driverState->secrets);
+ if (s->ephemeral)
+ listInsert(&new_secrets, s);
+ else
+ secretFree(s);
+ }
+ driverState->secrets = new_secrets;
+
+ end:
+ secretDriverUnlock(driverState);
+ return 0;
+}
+
+static virSecretDriver secretDriver = {
+ .name = "secret",
+ .open = secretOpen,
+ .close = secretClose,
+ .allocateID = secretAllocateID,
+ .setXML = secretSetXML,
+ .getXML = secretGetXML,
+ .setValue = secretSetValue,
+ .getValue = secretGetValue,
+ .delete = secretDelete,
+ .numOfSecrets = secretNumOfSecrets,
+ .listSecrets = secretListSecrets
+};
+
+static virStateDriver stateDriver = {
+ .initialize = secretDriverStartup,
+ .cleanup = secretDriverCleanup,
+ .reload = secretDriverReload,
+ .active = NULL /* All persistent state is immediately saved to disk */
+};
+
+int
+secretRegister(void)
+{
+ virRegisterSecretDriver(&secretDriver);
+ virRegisterStateDriver(&stateDriver);
+ return 0;
+}
diff --git a/src/secret_driver.h b/src/secret_driver.h
new file mode 100644
index 0000000..0d0b80a
--- /dev/null
+++ b/src/secret_driver.h
@@ -0,0 +1,28 @@
+/*
+ * secret_driver.h: local driver for secret manipulation API
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Red Hat Author: Miloslav Trmač <mitr(a)redhat.com>
+ */
+
+#ifndef __VIR_SECRET_DRIVER_H__
+#define __VIR_SECRET_DRIVER_H__
+
+int secretRegister(void);
+
+#endif /* __VIR_SECRET_DRIVER_H__ */
diff --git a/src/test.c b/src/test.c
index 305f2c9..7c8f85b 100644
--- a/src/test.c
+++ b/src/test.c
@@ -4173,6 +4173,20 @@ static void testDomainEventQueue(testConnPtr driver,
virEventUpdateTimeout(driver->domainEventTimer, 0);
}
+static virDrvOpenStatus testSecretOpen(virConnectPtr conn,
+ virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ int flags ATTRIBUTE_UNUSED) {
+ if (STRNEQ(conn->driver->name, "Test"))
+ return VIR_DRV_OPEN_DECLINED;
+
+ conn->secretPrivateData = conn->privateData;
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int testSecretClose(virConnectPtr conn) {
+ conn->secretPrivateData = NULL;
+ return 0;
+}
static virDriver testDriver = {
VIR_DRV_TEST,
@@ -4328,6 +4342,11 @@ static virDeviceMonitor testDevMonitor = {
.close = testDevMonClose,
};
+static virSecretDriver testSecretDriver = {
+ .name = "Test",
+ .open = testSecretOpen,
+ .close = testSecretClose,
+};
/**
@@ -4348,6 +4367,8 @@ testRegister(void)
return -1;
if (virRegisterDeviceMonitor(&testDevMonitor) < 0)
return -1;
+ if (virRegisterSecretDriver(&testSecretDriver) < 0)
+ return -1;
return 0;
}
diff --git a/src/virterror.c b/src/virterror.c
index ba66238..137405a 100644
--- a/src/virterror.c
+++ b/src/virterror.c
@@ -1077,6 +1077,12 @@ virErrorMsg(virErrorNumber error, const char *info)
else
errmsg = _("Failed to find a secret storage driver: %s");
break;
+ case VIR_ERR_NO_SECRET:
+ if (info == NULL)
+ errmsg = _("Secret not found");
+ else
+ errmsg = _("Secret not found: %s");
+ break;
}
return (errmsg);
}
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 08/20] Secret manipulation step 8: Add virsh commands
---
src/virsh.c | 304 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 304 insertions(+), 0 deletions(-)
diff --git a/src/virsh.c b/src/virsh.c
index 94c3c4e..ad49052 100644
--- a/src/virsh.c
+++ b/src/virsh.c
@@ -41,6 +41,7 @@
#endif
#include "internal.h"
+#include "base64.h"
#include "buf.h"
#include "console.h"
#include "util.h"
@@ -5249,9 +5250,303 @@ cmdVolPath(vshControl *ctl, const vshCmd *cmd)
}
+/*
+ * "secret-allocate-id" command
+ */
+static const vshCmdInfo info_secret_allocate_id[] = {
+ {"help", gettext_noop("allocate an ID for a secret")},
+ {"desc", gettext_noop("Allocate an ID for a secret")},
+ {NULL, NULL}
+};
+
+static int
+cmdSecretAllocateID(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
+{
+ char *secret_id;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ secret_id = virSecretAllocateID(ctl->conn);
+ if (secret_id == NULL) {
+ vshError(ctl, FALSE, "%s", _("failed to allocate a secret
ID"));
+ return FALSE;
+ }
+
+ vshPrint(ctl, "%s\n", secret_id);
+ free(secret_id);
+
+ return TRUE;
+}
+
+/*
+ * "secret-set-xml" command
+ */
+static const vshCmdInfo info_secret_set_xml[] = {
+ {"help", gettext_noop("set attributes of a secret from an XML
file")},
+ {"desc", gettext_noop("Set attributes of a secret from an XML
file")},
+ {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_secret_set_xml[] = {
+ {"secret-id", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("secret
ID")},
+ {"file", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("file containing
secret attributes in XML")},
+ {NULL, 0, 0, NULL}
+};
+static int
+cmdSecretSetXML(vshControl *ctl, const vshCmd *cmd)
+{
+ char *secret_id, *from;
+ int found, res;
+ char *buffer;
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+ secret_id = vshCommandOptString(cmd, "secret-id", &found);
+ if (!found)
+ return FALSE;
+
+ from = vshCommandOptString(cmd, "file", &found);
+ if (!found)
+ return FALSE;
+
+ if (virFileReadAll(from, VIRSH_MAX_XML_FILE, &buffer) < 0)
+ return FALSE;
+
+ res = virSecretSetXML(ctl->conn, secret_id, buffer);
+ free (buffer);
+
+ if (res != 0) {
+ vshError(ctl, FALSE, _("Failed to set attributes from %s"), from);
+ return FALSE;
+ }
+ vshPrint(ctl, _("Attributes set from %s\n"), from);
+ return TRUE;
+}
+
+/*
+ * "secret-get-xml" command
+ */
+static const vshCmdInfo info_secret_get_xml[] = {
+ {"help", gettext_noop("secret attributes in XML")},
+ {"desc", gettext_noop("Output attributes of a secret as an XML dump to
stdout.")},
+ {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_secret_get_xml[] = {
+ {"secret-id", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("secret
ID")},
+ {NULL, 0, 0, NULL}
+};
+
+static int
+cmdSecretGetXML(vshControl *ctl, const vshCmd *cmd)
+{
+ char *secret_id;
+ int found;
+ char *xml;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ secret_id = vshCommandOptString(cmd, "secret-id", &found);
+ if (!found)
+ return FALSE;
+
+ xml = virSecretGetXML(ctl->conn, secret_id);
+ if (xml == NULL)
+ return FALSE;
+
+ printf("%s", xml);
+ free(xml);
+ return TRUE;
+}
+
+/*
+ * "secret-set-value" command
+ */
+static const vshCmdInfo info_secret_set_value[] = {
+ {"help", gettext_noop("set a secret value")},
+ {"desc", gettext_noop("Set a secret value")},
+ {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_secret_set_value[] = {
+ {"secret-id", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("secret
ID")},
+ {"base64", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("base64-encoded
secret value")},
+ {NULL, 0, 0, NULL}
+};
+
+static int
+cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
+{
+ size_t value_size;
+ char *secret_id, *base64, *value;
+ int found, res;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ secret_id = vshCommandOptString(cmd, "secret-id", &found);
+ if (!found)
+ return FALSE;
+
+ base64 = vshCommandOptString(cmd, "base64", &found);
+ if (!base64)
+ return FALSE;
+
+ if (!base64_decode_alloc(base64, strlen(base64), &value, &value_size)) {
+ vshError(ctl, FALSE, _("Invalid base64 data"));
+ return FALSE;
+ }
+ if (value == NULL) {
+ vshError(ctl, FALSE, "%s", _("Failed to allocate memory"));
+ return FALSE;
+ }
+
+ res = virSecretSetValue(ctl->conn, secret_id, value, value_size);
+ memset(value, 0, value_size);
+ free (value);
+
+ if (res != 0) {
+ vshError(ctl, FALSE, "%s", _("Failed to set secret value"));
+ return FALSE;
+ }
+ vshPrint(ctl, "%s", _("Secret value set\n"));
+ return TRUE;
+}
+
+/*
+ * "secret-get-value" command
+ */
+static const vshCmdInfo info_secret_get_value[] = {
+ {"help", gettext_noop("Output a secret value")},
+ {"desc", gettext_noop("Output a secret value to stdout.")},
+ {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_secret_get_value[] = {
+ {"secret-id", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("secret
ID")},
+ {NULL, 0, 0, NULL}
+};
+
+static int
+cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)
+{
+ char *secret_id, *base64;
+ int found;
+ size_t value_size;
+ void *value;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ secret_id = vshCommandOptString(cmd, "secret-id", &found);
+ if (!found)
+ return FALSE;
+
+ value = virSecretGetValue(ctl->conn, secret_id, &value_size);
+ if (value == NULL)
+ return FALSE;
+
+ base64_encode_alloc(value, value_size, &base64);
+ memset(value, 0, value_size);
+ free(value);
+
+ if (base64 == NULL) {
+ vshError(ctl, FALSE, "%s", _("Failed to allocate memory"));
+ return FALSE;
+ }
+ printf("%s", base64);
+ memset(base64, 0, strlen(base64));
+ free(base64);
+
+ return TRUE;
+}
+
+/*
+ * "secret-delete" command
+ */
+static const vshCmdInfo info_secret_delete[] = {
+ {"help", gettext_noop("delete a secret")},
+ {"desc", gettext_noop("Delete a secret.")},
+ {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_secret_delete[] = {
+ {"secret-id", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("secret
ID")},
+ {NULL, 0, 0, NULL}
+};
+
+static int
+cmdSecretDelete(vshControl *ctl, const vshCmd *cmd)
+{
+ char *secret_id;
+ int found, ret;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ secret_id = vshCommandOptString(cmd, "secret-id", &found);
+ if (!found)
+ return FALSE;
+
+ ret = virSecretDelete(ctl->conn, secret_id);
+ if (ret < 0) {
+ vshError(ctl, FALSE, _("Failed to delete secret %s"), secret_id);
+ return FALSE;
+ }
+
+ vshPrint(ctl, _("Secret %s deleted\n"), secret_id);
+
+ return TRUE;
+}
+
+/*
+ * "secret-list" command
+ */
+static const vshCmdInfo info_secret_list[] = {
+ {"help", gettext_noop("list secrets")},
+ {"desc", gettext_noop("Returns a list of secrets")},
+ {NULL, NULL}
+};
+
+static int
+cmdSecretList(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
+{
+ int maxids = 0, i;
+ char **ids = NULL;
+
+ if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
+ return FALSE;
+
+ maxids = virSecretNumOfSecrets(ctl->conn);
+ if (maxids < 0) {
+ vshError(ctl, FALSE, "%s", _("Failed to list secrets"));
+ return FALSE;
+ }
+ ids = vshMalloc(ctl, sizeof(*ids) * maxids);
+
+ maxids = virSecretListSecrets(ctl->conn, ids, maxids);
+ if (maxids < 0) {
+ vshError(ctl, FALSE, "%s", _("Failed to list secrets"));
+ free(ids);
+ return FALSE;
+ }
+
+ qsort(ids, maxids, sizeof(char *), namesorter);
+
+ vshPrintExtra(ctl, "%s\n", _("Secret ID"));
+ vshPrintExtra(ctl, "-----------------------------------------\n");
+
+ for (i = 0; i < maxids; i++) {
+ vshPrint(ctl, "%-36s\n", ids[i]);
+ free(ids[i]);
+ }
+ free(ids);
+ return TRUE;
+}
/*
@@ -6921,6 +7216,15 @@ static const vshCmdDef commands[] = {
{"pool-undefine", cmdPoolUndefine, opts_pool_undefine,
info_pool_undefine},
{"pool-uuid", cmdPoolUuid, opts_pool_uuid, info_pool_uuid},
+ {"secret-allocate-id", cmdSecretAllocateID, NULL,
info_secret_allocate_id},
+ {"secret-set-xml", cmdSecretSetXML, opts_secret_set_xml,
info_secret_set_xml},
+ {"secret-get-xml", cmdSecretGetXML, opts_secret_get_xml,
info_secret_get_xml},
+ {"secret-set-value", cmdSecretSetValue, opts_secret_set_value,
info_secret_set_value},
+ {"secret-get-value", cmdSecretGetValue, opts_secret_get_value,
info_secret_get_value},
+ {"secret-delete", cmdSecretDelete, opts_secret_delete,
info_secret_delete},
+ {"secret-list", cmdSecretList, NULL, info_secret_list},
+
+
#ifndef WIN32
{"pwd", cmdPwd, NULL, info_pwd},
#endif
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 09/20] Secret manipulation step 9: Rebuild API docs
This commit represents results of (make -C docs api) - if this patch
does not apply, just re-run the command.
The API data gathered by this commit is necessary to make step 10 (Python
bindings) usable.
---
docs/devhelp/libvirt-libvirt.html | 73 +++++-
docs/devhelp/libvirt-virterror.html | 11 +-
docs/html/libvirt-libvirt.html | 40 +++-
docs/html/libvirt-virterror.html | 4 +-
docs/libvirt-api.xml | 125 +++++++++--
docs/libvirt-refs.xml | 417 ++++++++++++++++++++++++++---------
6 files changed, 528 insertions(+), 142 deletions(-)
diff --git a/docs/devhelp/libvirt-libvirt.html b/docs/devhelp/libvirt-libvirt.html
index 439934a..ce2b90a 100644
--- a/docs/devhelp/libvirt-libvirt.html
+++ b/docs/devhelp/libvirt-libvirt.html
@@ -131,7 +131,7 @@ int <a
href="#virConnectDomainEventDeregister">virConnectDomainEventDeregister</
int <a
href="#virDomainGetSchedulerParameters">virDomainGetSchedulerParameters</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> <a
href="libvirt-libvirt.html#virSchedParameterPtr">virSchedParameterPtr</a>
params, <br/> int * nparams);
<a href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> <a
href="#virDomainLookupByUUIDString">virDomainLookupByUUIDString</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * uuidstr);
int <a
href="#virConnectNumOfDefinedNetworks">virConnectNumOfDefinedNetworks</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
-int <a
href="#virConnectNumOfDomains">virConnectNumOfDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
+int <a
href="#virConnectListDefinedInterfaces">virConnectListDefinedInterfaces</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames);
int <a href="#virNetworkGetUUID">virNetworkGetUUID</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network,
<br/> unsigned char * uuid);
char * <a
href="#virInterfaceGetXMLDesc">virInterfaceGetXMLDesc</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a> iface,
<br/> unsigned int flags);
<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> <a
href="#virStoragePoolGetConnect">virStoragePoolGetConnect</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool);
@@ -148,6 +148,7 @@ int <a
href="#virDomainSetMaxMemory">virDomainSetMaxMemory</a> (<a
href="libvir
void <a
href="#virEventRegisterImpl">virEventRegisterImpl</a> (<a
href="libvirt-libvirt.html#virEventAddHandleFunc">virEventAddHandleFunc</a>
addHandle, <br/> <a
href="libvirt-libvirt.html#virEventUpdateHandleFunc">virEventUpdateHandleFunc</a>
updateHandle, <br/> <a
href="libvirt-libvirt.html#virEventRemoveHandleFunc">virEventRemoveHandleFunc</a>
removeHandle, <br/> <a
href="libvirt-libvirt.html#virEventAddTimeoutFunc">virEventAddTimeoutFunc</a>
addTimeout, <br/> <a
href="libvirt-libvirt.html#virEventUpdateTimeoutFunc">virEventUpdateTimeoutFunc</a>
updateTimeout, <br/> <a
href="libvirt-libvirt.html#virEventRemoveTimeoutFunc">virEventRemoveTimeoutFunc</a>
removeTimeout);
<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a> <a
href="#virInterfaceDefineXML">virInterfaceDefineXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * xml, <br/> unsigned int flags);
<a href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> <a
href="#virDomainMigrate">virDomainMigrate</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> <a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> dconn,
<br/> unsigned long flags, <br/> const char * dname,
<br/> const char * uri, <br/> unsigned long bandwidth);
+int <a
href="#virSecretNumOfSecrets">virSecretNumOfSecrets</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
int <a href="#virDomainSuspend">virDomainSuspend</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain);
<a href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> <a
href="#virDomainCreateLinux">virDomainCreateLinux</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * xmlDesc, <br/> unsigned int flags);
char * <a
href="#virNodeDeviceGetXMLDesc">virNodeDeviceGetXMLDesc</a> (<a
href="libvirt-libvirt.html#virNodeDevicePtr">virNodeDevicePtr</a> dev,
<br/> unsigned int flags);
@@ -172,17 +173,20 @@ char * <a
href="#virConnectDomainXMLToNative">virConnectDomainXMLToNative</a> (<
int <a
href="#virDomainSetSchedulerParameters">virDomainSetSchedulerParameters</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> <a
href="libvirt-libvirt.html#virSchedParameterPtr">virSchedParameterPtr</a>
params, <br/> int nparams);
const char * <a
href="#virConnectGetType">virConnectGetType</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> <a
href="#virStorageVolCreateXML">virStorageVolCreateXML</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> const char * xmldesc, <br/> unsigned int flags);
+int <a href="#virSecretSetXML">virSecretSetXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> const char * xml);
int <a href="#virDomainSave">virDomainSave</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> const char * to);
int <a href="#virDomainCreate">virDomainCreate</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain);
int <a
href="#virConnectListDomains">virConnectListDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> int * ids, <br/> int maxids);
int <a href="#virDomainCoreDump">virDomainCoreDump</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> const char * to, <br/> int flags);
int <a href="#virDomainSetMemory">virDomainSetMemory</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> unsigned long memory);
+int <a href="#virSecretDelete">virSecretDelete</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id);
const char * <a
href="#virInterfaceGetName">virInterfaceGetName</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a>
iface);
int <a
href="#virStoragePoolCreate">virStoragePoolCreate</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> unsigned int flags);
int <a href="#virNodeGetInfo">virNodeGetInfo</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> <a
href="libvirt-libvirt.html#virNodeInfoPtr">virNodeInfoPtr</a> info);
int <a
href="#virNetworkSetAutostart">virNetworkSetAutostart</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network,
<br/> int autostart);
unsigned long <a
href="#virDomainGetMaxMemory">virDomainGetMaxMemory</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain);
int <a href="#virStoragePoolFree">virStoragePoolFree</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool);
+int <a
href="#virConnectNumOfDefinedInterfaces">virConnectNumOfDefinedInterfaces</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
typedef void <a href="#virFreeCallback">virFreeCallback</a> (void
* opaque);
<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> <a
href="#virNetworkDefineXML">virNetworkDefineXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * xml);
int <a
href="#virNodeDeviceListCaps">virNodeDeviceListCaps</a> (<a
href="libvirt-libvirt.html#virNodeDevicePtr">virNodeDevicePtr</a> dev,
<br/> char ** const names, <br/> int maxnames);
@@ -209,8 +213,10 @@ char * <a
href="#virConnectFindStoragePoolSources">virConnectFindStoragePoolSour
int <a href="#virDomainPinVcpu">virDomainPinVcpu</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> unsigned int vcpu, <br/> unsigned char * cpumap,
<br/> int maplen);
int <a
href="#virNodeGetSecurityModel">virNodeGetSecurityModel</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> <a
href="libvirt-libvirt.html#virSecurityModelPtr">virSecurityModelPtr</a>
secmodel);
int <a href="#virDomainRestore">virDomainRestore</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * from);
+char * <a
href="#virSecretAllocateID">virSecretAllocateID</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
int <a
href="#virNodeDeviceDestroy">virNodeDeviceDestroy</a> (<a
href="libvirt-libvirt.html#virNodeDevicePtr">virNodeDevicePtr</a>
dev);
char * <a
href="#virStorageVolGetPath">virStorageVolGetPath</a> (<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
vol);
+char * <a href="#virSecretGetXML">virSecretGetXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id);
<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> <a
href="#virNetworkLookupByUUIDString">virNetworkLookupByUUIDString</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * uuidstr);
typedef int <a
href="#virConnectDomainEventCallback">virConnectDomainEventCallback</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> <a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> dom,
<br/> int event, <br/> int detail, <br/> void * opaque);
<a href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> <a
href="#virDomainLookupByID">virDomainLookupByID</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> int id);
@@ -223,6 +229,7 @@ int <a
href="#virConnectListDefinedNetworks">virConnectListDefinedNetworks</a> (
int <a href="#virConnectRef">virConnectRef</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
int <a href="#virDomainGetUUID">virDomainGetUUID</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> unsigned char * uuid);
<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> <a
href="#virNetworkCreateXML">virNetworkCreateXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * xmlDesc);
+int <a href="#virNetworkUndefine">virNetworkUndefine</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network);
int <a
href="#virConnectDomainEventRegister">virConnectDomainEventRegister</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> <a
href="libvirt-libvirt.html#virConnectDomainEventCallback">virConnectDomainEventCallback</a>
cb, <br/> void * opaque, <br/> <a
href="libvirt-libvirt.html#virFreeCallback">virFreeCallback</a>
freecb);
int <a href="#virDomainGetVcpus">virDomainGetVcpus</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br/> <a
href="libvirt-libvirt.html#virVcpuInfoPtr">virVcpuInfoPtr</a> info,
<br/> int maxinfo, <br/> unsigned char * cpumaps, <br/>
int maplen);
<a
href="libvirt-libvirt.html#virNodeDevicePtr">virNodeDevicePtr</a> <a
href="#virNodeDeviceLookupByName">virNodeDeviceLookupByName</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * name);
@@ -230,7 +237,7 @@ int <a
href="#virStoragePoolGetInfo">virStoragePoolGetInfo</a> (<a
href="libvir
int <a href="#virDomainResume">virDomainResume</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain);
int <a href="#virInterfaceRef">virInterfaceRef</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a>
iface);
const char * <a
href="#virInterfaceGetMACString">virInterfaceGetMACString</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a>
iface);
-int <a href="#virNetworkRef">virNetworkRef</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network);
+int <a
href="#virConnectNumOfDomains">virConnectNumOfDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
int <a
href="#virStoragePoolRefresh">virStoragePoolRefresh</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> unsigned int flags);
int <a
href="#virConnectNumOfDefinedDomains">virConnectNumOfDefinedDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> <a
href="#virStorageVolCreateXMLFrom">virStorageVolCreateXMLFrom</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> const char * xmldesc, <br/> <a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
clonevol, <br/> unsigned int flags);
@@ -254,7 +261,7 @@ char * <a
href="#virConnectGetURI">virConnectGetURI</a> (<a
href="libvirt-libvi
int <a href="#virNetworkFree">virNetworkFree</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network);
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a> <a
href="#virStoragePoolLookupByUUID">virStoragePoolLookupByUUID</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const unsigned char * uuid);
typedef int <a
href="#virEventAddHandleFunc">virEventAddHandleFunc</a> (int fd,
<br/> int event, <br/> <a
href="libvirt-libvirt.html#virEventHandleCallback">virEventHandleCallback</a>
cb, <br/> void * opaque, <br/> <a
href="libvirt-libvirt.html#virFreeCallback">virFreeCallback</a> ff);
-int <a href="#virNetworkUndefine">virNetworkUndefine</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network);
+int <a href="#virNetworkRef">virNetworkRef</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> network);
int <a
href="#virConnectListDefinedStoragePools">virConnectListDefinedStoragePools</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames);
typedef void <a
href="#virEventTimeoutCallback">virEventTimeoutCallback</a> (int
timer, <br/> void * opaque);
int <a href="#virInterfaceFree">virInterfaceFree</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a>
iface);
@@ -263,11 +270,13 @@ int <a
href="#virNodeDeviceNumOfCaps">virNodeDeviceNumOfCaps</a> (<a
href="libv
<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> <a
href="#virNetworkGetConnect">virNetworkGetConnect</a> (<a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a> net);
unsigned long long <a
href="#virNodeGetFreeMemory">virNodeGetFreeMemory</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn);
int <a href="#virInterfaceDestroy">virInterfaceDestroy</a> (<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a> iface,
<br/> unsigned int flags);
+int <a href="#virSecretSetValue">virSecretSetValue</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> const void * secret,
<br/> size_t secret_size);
<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> <a
href="#virStorageVolGetConnect">virStorageVolGetConnect</a> (<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
vol);
int <a href="#virNodeNumOfDevices">virNodeNumOfDevices</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * cap, <br/> unsigned int flags);
int <a
href="#virStoragePoolDestroy">virStoragePoolDestroy</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool);
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a> <a
href="#virStoragePoolLookupByVolume">virStoragePoolLookupByVolume</a> (<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
vol);
<a href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> <a
href="#virDomainLookupByUUID">virDomainLookupByUUID</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const unsigned char * uuid);
+int <a
href="#virSecretListSecrets">virSecretListSecrets</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** ids, <br/> int maxids);
char * <a href="#virDomainGetOSType">virDomainGetOSType</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain);
int <a href="#virStoragePoolBuild">virStoragePoolBuild</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> unsigned int flags);
int <a
href="#virConnectGetMaxVcpus">virConnectGetMaxVcpus</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * type);
@@ -289,6 +298,7 @@ typedef int <a
href="#virEventAddTimeoutFunc">virEventAddTimeoutFunc</a> (int t
<a
href="libvirt-libvirt.html#virInterfacePtr">virInterfacePtr</a> <a
href="#virInterfaceLookupByName">virInterfaceLookupByName</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * name);
int <a
href="#virDomainInterfaceStats">virDomainInterfaceStats</a> (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> dom,
<br/> const char * path, <br/> <a
href="libvirt-libvirt.html#virDomainInterfaceStatsPtr">virDomainInterfaceStatsPtr</a>
stats, <br/> size_t size);
int <a
href="#virConnectListNetworks">virConnectListNetworks</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames);
+void * <a href="#virSecretGetValue">virSecretGetValue</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> size_t * secret_size);
<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> <a
href="#virStorageVolLookupByKey">virStorageVolLookupByKey</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * key);
</pre>
</div>
@@ -527,7 +537,8 @@ The content of this structure is not made public by the API.
</div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virDomainMemoryFlags">Enum
</a>virDomainMemoryFlags</h3><pre class="programlisting">enum
<a href="#virDomainMemoryFlags">virDomainMemoryFlags</a> {
- <a name="VIR_MEMORY_VIRTUAL">VIR_MEMORY_VIRTUAL</a> = 1 /*
addresses are virtual addresses */
+ <a name="VIR_MEMORY_VIRTUAL">VIR_MEMORY_VIRTUAL</a> = 1 /*
addresses are virtual addresses */
+ <a name="VIR_MEMORY_PHYSICAL">VIR_MEMORY_PHYSICAL</a> = 2 /*
addresses are physical addresses */
};
</pre><p/>
</div>
@@ -863,6 +874,10 @@ The content of this structure is not made public by the API.
</pre><p>list the defined but inactive domains, stores the pointers to the
names in @names</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>pointer
to an array to store the names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of names provided in the array or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virConnectListDefinedInterfaces"/>virConnectListDefinedInterfaces
()</h3><pre
class="programlisting">int virConnectListDefinedInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames)<br/>
+</pre><p>Collect the list of defined (inactive) physical host interfaces, and
store their names in @names.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of
interfaces</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interfaces found or -1 in case of
error</td></tr></tbody></table></div></div>
+ <hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectListDefinedNetworks"/>virConnectListDefinedNetworks
()</h3><pre
class="programlisting">int virConnectListDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames)<br/>
</pre><p>list the inactive networks, stores the pointers to the names in
@names</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>pointer
to an array to store the names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of names provided in the array or -1 in case of
error</td></tr></tbody></table></div></div>
@@ -876,7 +891,7 @@ The content of this structure is not made public by the API.
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>ids</tt></i>:</span></td><td>array
to collect the list of IDs of active
domains</td></tr><tr><td><span
class="term"><i><tt>maxids</tt></i>:</span></td><td>size
of @ids</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectListInterfaces"/>virConnectListInterfaces
()</h3><pre
class="programlisting">int virConnectListInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames)<br/>
-</pre><p>Collect the list of physical host interfaces, and store their names
in @names</p>
+</pre><p>Collect the list of active physical host interfaces, and store their
names in @names</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of
interfaces</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interfaces found or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectListNetworks"/>virConnectListNetworks ()</h3><pre
class="programlisting">int virConnectListNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** const names, <br/> int maxnames)<br/>
@@ -891,6 +906,10 @@ The content of this structure is not made public by the API.
</pre><p>Provides the number of defined but inactive domains.</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virConnectNumOfDefinedInterfaces"/>virConnectNumOfDefinedInterfaces
()</h3><pre
class="programlisting">int virConnectNumOfDefinedInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
+</pre><p>Provides the number of defined (inactive) interfaces on the physical
host.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of defined interface found or -1 in case of
error</td></tr></tbody></table></div></div>
+ <hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectNumOfDefinedNetworks"/>virConnectNumOfDefinedNetworks
()</h3><pre
class="programlisting">int virConnectNumOfDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
</pre><p>Provides the number of inactive networks.</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of networks found or -1 in case of
error</td></tr></tbody></table></div></div>
@@ -904,8 +923,8 @@ The content of this structure is not made public by the API.
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectNumOfInterfaces"/>virConnectNumOfInterfaces
()</h3><pre
class="programlisting">int virConnectNumOfInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
-</pre><p>Provides the number of interfaces on the physical host.</p>
-<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interface found or -1 in case of
error</td></tr></tbody></table></div></div>
+</pre><p>Provides the number of active interfaces on the physical
host.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of active interfaces found or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectNumOfNetworks"/>virConnectNumOfNetworks ()</h3><pre
class="programlisting">int virConnectNumOfNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
</pre><p>Provides the number of active networks.</p>
@@ -917,14 +936,14 @@ The content of this structure is not made public by the API.
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectOpen"/>virConnectOpen ()</h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpen (const
char * name)<br/>
</pre><p>This function should be called first to get a connection to the
Hypervisor and xen store</p>
-<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error If @name is NULL then
probing will be done to determine a suitable default driver to activate. This involves
trying each hypervisor in turn until one successfully opens. If the LIBVIRT_DEFAULT_URI
environment variable is set, then it will be used in preference to probing for a driver.
If connecting to an unprivileged hypervisor driver which requires the libvirtd daemon to
be active, it will automatically be launched if not already running. This can be prevented
by setting the environment variable LIBVIRT_AUTOSTART=0 URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectOpenAuth"/>virConnectOpenAuth ()</h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenAuth (const
char * name, <br/> <a
href="libvirt-libvirt.html#virConnectAuthPtr">virConnectAuthPtr</a>
auth, <br/> int flags)<br/>
-</pre><p>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback</p>
+</pre><p>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback See <a
href="libvirt-libvirt.html#virConnectOpen">virConnectOpen</a> for notes
about environment variables which can have an effect on opening drivers</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>auth</tt></i>:</span></td><td>Authenticate
callback parameters</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>Open
flags</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectOpenReadOnly"/>virConnectOpenReadOnly ()</h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenReadOnly (const
char * name)<br/>
-</pre><p>This function should be called first to get a restricted connection
to the library functionalities. The set of APIs usable are then restricted on the
available methods to control the domains.</p>
+</pre><p>This function should be called first to get a restricted connection
to the library functionalities. The set of APIs usable are then restricted on the
available methods to control the domains. See <a
href="libvirt-libvirt.html#virConnectOpen">virConnectOpen</a> for notes
about environment variables which can have an effect on opening drivers</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virConnectRef"/>virConnectRef ()</h3><pre
class="programlisting">int virConnectRef (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
@@ -1327,6 +1346,38 @@ The content of this structure is not made public by the API.
</pre><p>Provides the number of node devices. If the optional 'cap'
argument is non-NULL, then the count will be restricted to devices with the specified
capability</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>cap</tt></i>:</span></td><td>capability
name</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
(unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of node devices or -1 in case of
error</td></tr></tbody></table></div></div>
<hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretAllocateID"/>virSecretAllocateID ()</h3><pre
class="programlisting">char * virSecretAllocateID (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
+</pre><p>Allocates a secret ID (a printable string) without associating a
secret value with the ID.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
secret ID on success, or NULL on failure. The caller must free() the secret
ID.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretDelete"/>virSecretDelete ()</h3><pre
class="programlisting">int virSecretDelete (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id)<br/>
+</pre><p>Deletes the secret with secret_id (including the secret value and
all attributes).</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretGetValue"/>virSecretGetValue ()</h3><pre
class="programlisting">void * virSecretGetValue (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> size_t *
secret_size)<br/>
+</pre><p>Fetches the secret value associated with secret_id.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>secret_size</tt></i>:</span></td><td>Place
for storing size of the secret</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
secret value on success, NULL on failure. The caller must free() the secret
value.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretGetXML"/>virSecretGetXML ()</h3><pre
class="programlisting">char * virSecretGetXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id)<br/>
+</pre><p>Fetches an XML document describing attributes of the
secret.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
XML document on success, NULL on failure. The caller must free() the
XML.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretListSecrets"/>virSecretListSecrets ()</h3><pre
class="programlisting">int virSecretListSecrets (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> char ** ids, <br/> int maxids)<br/>
+</pre><p>List the defined secret IDs, store pointers to names in
ids.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>ids</tt></i>:</span></td><td>Pointer
to an array to store the IDs</td></tr><tr><td><span
class="term"><i><tt>maxids</tt></i>:</span></td><td>size
of the array.</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of IDs provided in the array, or -1 on
failure.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretNumOfSecrets"/>virSecretNumOfSecrets ()</h3><pre
class="programlisting">int virSecretNumOfSecrets (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
conn)<br/>
+</pre><p>Fetch number of currently defined secret IDs.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number currently defined secret
IDs.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretSetValue"/>virSecretSetValue ()</h3><pre
class="programlisting">int virSecretSetValue (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> const void * secret,
<br/> size_t secret_size)<br/>
+</pre><p>Associates a secret value with secret_id. Allocates secret_id if it
was not previously allocated.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>secret</tt></i>:</span></td><td>The
secret</td></tr><tr><td><span
class="term"><i><tt>secret_size</tt></i>:</span></td><td>Size
of the secret</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div></div>
+ <hr/>
+ <div class="refsect2" lang="en"><h3><a
name="virSecretSetXML"/>virSecretSetXML ()</h3><pre
class="programlisting">int virSecretSetXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br/> const char * secret_id, <br/> const char * xml)<br/>
+</pre><p>Replaces all attributes of the secret specified by secret_id by
attributes specified in xml (any attributes not specified in xml are discarded). Allocates
secret_id if it was not previously allocated.</p>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>xml</tt></i>:</span></td><td>XML
containing attributes of the secret.</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div></div>
+ <hr/>
<div class="refsect2" lang="en"><h3><a
name="virStoragePoolBuild"/>virStoragePoolBuild ()</h3><pre
class="programlisting">int virStoragePoolBuild (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> unsigned int flags)<br/>
</pre><p>Build the underlying storage pool</p>
<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>future
flags, use 0 for now</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, or -1 upon
failure</td></tr></tbody></table></div></div>
@@ -1421,7 +1472,7 @@ The content of this structure is not made public by the API.
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virStoragePoolUndefine"/>virStoragePoolUndefine ()</h3><pre
class="programlisting">int virStoragePoolUndefine (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool)<br/>
</pre><p>Undefine an inactive storage pool</p>
-<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
object, or NULL if creation
failed</td></tr></tbody></table></div></div>
+<div class="variablelist"><table border="0"><col
align="left"/><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure</td></tr></tbody></table></div></div>
<hr/>
<div class="refsect2" lang="en"><h3><a
name="virStorageVolCreateXML"/>virStorageVolCreateXML ()</h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> virStorageVolCreateXML (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br/> const char * xmldesc, <br/> unsigned int
flags)<br/>
</pre><p>Create a storage volume within a pool based on an XML description.
Not all pools support creation of volumes</p>
diff --git a/docs/devhelp/libvirt-virterror.html b/docs/devhelp/libvirt-virterror.html
index 9f2efae..9107731 100644
--- a/docs/devhelp/libvirt-virterror.html
+++ b/docs/devhelp/libvirt-virterror.html
@@ -109,7 +109,10 @@ void <a
href="#virConnResetLastError">virConnResetLastError</a> (<a
href="libvi
<a name="VIR_FROM_SECURITY">VIR_FROM_SECURITY</a> = 24 /* Error
from security framework */
<a name="VIR_FROM_VBOX">VIR_FROM_VBOX</a> = 25 /* Error from
VirtualBox driver */
<a name="VIR_FROM_INTERFACE">VIR_FROM_INTERFACE</a> = 26 /*
Error when operating on an interface */
- <a name="VIR_FROM_ONE">VIR_FROM_ONE</a> = 27 /* Error from
OpenNebula driver */
+ <a name="VIR_FROM_ONE">VIR_FROM_ONE</a> = 27 /* Error from
OpenNebula driver */
+ <a name="VIR_FROM_ESX">VIR_FROM_ESX</a> = 28 /* Error from ESX
driver */
+ <a name="VIR_FROM_PHYP">VIR_FROM_PHYP</a> = 29 /* Error from
IBM power hypervisor */
+ <a name="VIR_FROM_SECRET">VIR_FROM_SECRET</a> = 30 /* Error
from secret storage */
};
</pre><p/>
</div>
@@ -181,7 +184,11 @@ void <a
href="#virConnResetLastError">virConnResetLastError</a> (<a
href="libvi
<a
name="VIR_ERR_OPERATION_INVALID">VIR_ERR_OPERATION_INVALID</a> = 55 /*
operation is not applicable at this time */
<a name="VIR_WAR_NO_INTERFACE">VIR_WAR_NO_INTERFACE</a> = 56 /*
failed to start interface driver */
<a name="VIR_ERR_NO_INTERFACE">VIR_ERR_NO_INTERFACE</a> = 57 /*
interface driver not running */
- <a
name="VIR_ERR_INVALID_INTERFACE">VIR_ERR_INVALID_INTERFACE</a> = 58 /*
invalid interface object */
+ <a
name="VIR_ERR_INVALID_INTERFACE">VIR_ERR_INVALID_INTERFACE</a> = 58 /*
invalid interface object */
+ <a
name="VIR_ERR_MULTIPLE_INTERFACES">VIR_ERR_MULTIPLE_INTERFACES</a> = 59
/* more than one matching interface found */
+ <a name="VIR_WAR_NO_SECRET">VIR_WAR_NO_SECRET</a> = 60 /*
failed to start secret storage */
+ <a name="VIR_ERR_NO_SECRET">VIR_ERR_NO_SECRET</a> = 61 /*
secret not found */
+ <a name="VIR_ERR_INVALID_SECRET">VIR_ERR_INVALID_SECRET</a> =
62 /* invalid secret */
};
</pre><p/>
</div>
diff --git a/docs/html/libvirt-libvirt.html b/docs/html/libvirt-libvirt.html
index 3eba3ad..766a57c 100644
--- a/docs/html/libvirt-libvirt.html
+++ b/docs/html/libvirt-libvirt.html
@@ -96,6 +96,7 @@ const char * <a
href="#virConnectGetType">virConnectGetType</a> (<a
href="libvir
char * <a href="#virConnectGetURI">virConnectGetURI</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
int <a
href="#virConnectGetVersion">virConnectGetVersion</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> unsigned long * hvVer)
int <a
href="#virConnectListDefinedDomains">virConnectListDefinedDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
+int <a
href="#virConnectListDefinedInterfaces">virConnectListDefinedInterfaces</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
int <a
href="#virConnectListDefinedNetworks">virConnectListDefinedNetworks</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
int <a
href="#virConnectListDefinedStoragePools">virConnectListDefinedStoragePools</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
int <a
href="#virConnectListDomains">virConnectListDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> int * ids, <br /> int maxids)
@@ -103,6 +104,7 @@ int <a
href="#virConnectListInterfaces">virConnectListInterfaces</a> (<a
href="l
int <a
href="#virConnectListNetworks">virConnectListNetworks</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
int <a
href="#virConnectListStoragePools">virConnectListStoragePools</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)
int <a
href="#virConnectNumOfDefinedDomains">virConnectNumOfDefinedDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
+int <a
href="#virConnectNumOfDefinedInterfaces">virConnectNumOfDefinedInterfaces</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
int <a
href="#virConnectNumOfDefinedNetworks">virConnectNumOfDefinedNetworks</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
int <a
href="#virConnectNumOfDefinedStoragePools">virConnectNumOfDefinedStoragePools</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
int <a
href="#virConnectNumOfDomains">virConnectNumOfDomains</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
@@ -239,6 +241,14 @@ int <a
href="#virNodeGetInfo">virNodeGetInfo</a> (<a
href="libvirt-libvirt.htm
int <a
href="#virNodeGetSecurityModel">virNodeGetSecurityModel</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> <a
href="libvirt-libvirt.html#virSecurityModelPtr">virSecurityModelPtr</a>
secmodel)
int <a href="#virNodeListDevices">virNodeListDevices</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * cap, <br /> char ** const names, <br
/> int maxnames, <br /> unsigned int flags)
int <a href="#virNodeNumOfDevices">virNodeNumOfDevices</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * cap, <br /> unsigned int flags)
+char * <a
href="#virSecretAllocateID">virSecretAllocateID</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
+int <a href="#virSecretDelete">virSecretDelete</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id)
+void * <a href="#virSecretGetValue">virSecretGetValue</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> size_t * secret_size)
+char * <a href="#virSecretGetXML">virSecretGetXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id)
+int <a
href="#virSecretListSecrets">virSecretListSecrets</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** ids, <br /> int maxids)
+int <a
href="#virSecretNumOfSecrets">virSecretNumOfSecrets</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)
+int <a href="#virSecretSetValue">virSecretSetValue</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> const void * secret, <br
/> size_t secret_size)
+int <a href="#virSecretSetXML">virSecretSetXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> const char * xml)
int <a href="#virStoragePoolBuild">virStoragePoolBuild</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> unsigned int flags)
int <a
href="#virStoragePoolCreate">virStoragePoolCreate</a> (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> unsigned int flags)
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a> <a
href="#virStoragePoolCreateXML">virStoragePoolCreateXML</a> (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * xmlDesc, <br /> unsigned int flags)
@@ -319,7 +329,7 @@ int <a
href="#virStorageVolRef">virStorageVolRef</a> (<a
href="libvirt-libvirt.
</pre><table><tr><td>long
long</td><td>rx_bytes</td></tr><tr><td>long
long</td><td>rx_packets</td></tr><tr><td>long
long</td><td>rx_errs</td></tr><tr><td>long
long</td><td>rx_drop</td></tr><tr><td>long
long</td><td>tx_bytes</td></tr><tr><td>long
long</td><td>tx_packets</td></tr><tr><td>long
long</td><td>tx_errs</td></tr><tr><td>long
long</td><td>tx_drop</td></tr></table><pre>
}
</pre></div><h3><a name="virDomainMemoryFlags"
id="virDomainMemoryFlags"><code>virDomainMemoryFlags</code></a></h3><div
class="api"><pre>enum virDomainMemoryFlags {
-</pre><table><tr><td><a name="VIR_MEMORY_VIRTUAL"
id="VIR_MEMORY_VIRTUAL">VIR_MEMORY_VIRTUAL</a></td><td> =
</td><td>1</td><td> : addresses are virtual
addresses</td></tr></table><pre>}
+</pre><table><tr><td><a name="VIR_MEMORY_VIRTUAL"
id="VIR_MEMORY_VIRTUAL">VIR_MEMORY_VIRTUAL</a></td><td> =
</td><td>1</td><td> : addresses are virtual
addresses</td></tr><tr><td><a
name="VIR_MEMORY_PHYSICAL"
id="VIR_MEMORY_PHYSICAL">VIR_MEMORY_PHYSICAL</a></td><td> =
</td><td>2</td><td> : addresses are physical
addresses</td></tr></table><pre>}
</pre></div><h3><a name="virDomainMigrateFlags"
id="virDomainMigrateFlags"><code>virDomainMigrateFlags</code></a></h3><div
class="api"><pre>enum virDomainMigrateFlags {
</pre><table><tr><td><a name="VIR_MIGRATE_LIVE"
id="VIR_MIGRATE_LIVE">VIR_MIGRATE_LIVE</a></td><td> =
</td><td>1</td><td> : live
migration</td></tr></table><pre>}
</pre></div><h3><a name="virDomainState"
id="virDomainState"><code>virDomainState</code></a></h3><div
class="api"><pre>enum virDomainState {
@@ -393,23 +403,25 @@ int <a
href="#virStorageVolRef">virStorageVolRef</a> (<a
href="libvirt-libvirt.
</pre><p>Get the name of the Hypervisor software used.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>NULL
in case of error, a static zero terminated string otherwise. See also:
http://www.redhat.com/archives/libvir-list/2007-February/msg00096.html<...
name="virConnectGetURI"
id="virConnectGetURI"><code>virConnectGetURI</code></a></h3><pre
class="programlisting">char * virConnectGetURI (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>This returns the URI (name) of the hypervisor connection. Normally
this is the same as or similar to the string passed to the
virConnectOpen/virConnectOpenReadOnly call, but the driver may make the URI canonical. If
name == NULL was passed to virConnectOpen, then the driver will return a non-NULL URI
which can be used to connect to the same hypervisor later.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to a hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
URI string which must be freed by the caller, or NULL if there was an
error.</td></tr></tbody></table></div><h3><a
name="virConnectGetVersion"
id="virConnectGetVersion"><code>virConnectGetVersion</code></a></h3><pre
class="programlisting">int virConnectGetVersion (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> unsigned long * hv!
Ver)<br />
</pre><p>Get the version level of the Hypervisor running. This may work only
with hypervisor call, i.e. with privileged access to the hypervisor, not with a Read-Only
connection.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>hvVer</tt></i>:</span></td><td>return
value for the version of the running hypervisor
(OUT)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>-1
in case of error, 0 otherwise. if the version can't be extracted by lack of capacities
returns 0 and @hvVer is 0, otherwise @hvVer value is major * 1,000,000 + minor * 1,000 +
release</td></tr></tbody></table></div><h3><a
name="virConnectListDefinedDomains"
id="virConnectListDefinedDomains"><code>virConnectListDefinedDomains</code></a></h3><pre
class="programlisting">int virConnectListDefinedDomains (<a
href="libvirt!
-libvirt.html#virConnectPtr">virConnectPtr</a> conn, <br /> char
** const names, <br /> int maxnames)<br />
-</pre><p>list the defined but inactive domains, stores the pointers to the
names in @names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>pointer
to an array to store the names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of names provided in the array or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListDefinedNetworks"
id="virConnectListDefinedNetworks"><code>virConnectListDefinedNetworks</code></a></h3><pre
class="programlisting">int virConnectListDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
+</pre><p>list the defined but inactive domains, stores the pointers to the
names in @names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>pointer
to an array to store the names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of names provided in the array or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListDefinedInterfaces"
id="virConnectListDefinedInterfaces"><code>virConnectListDefinedInterfaces</code></a></h3><pre
class="programlisting">int virConnectListDefinedInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
+</pre><p>Collect the list of defined (inactive) physical host interfaces, and
store their names in @names.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of
interfaces</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interfaces found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListDefinedNetworks"
id="virConnectListDefinedNetworks"><code>virConnectListDefinedNetworks</code></a></h3><pre
class="programlisting">int virConnectListDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
</pre><p>list the inactive networks, stores the pointers to the names in
@names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>pointer
to an array to store the names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of names provided in the array or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListDefinedStoragePools"
id="virConnectListDefinedStoragePools"><code>virConnectListDefinedStoragePools</code></a></h3><pre
class="programlisting">int virConnectListDefinedStoragePools (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
</pre><p>Provides the list of names of inactive storage pools upto maxnames.
If there are more than maxnames, the remaining names will be silently
ignored.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
of char * to fill with pool names (allocated by
caller)</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the names array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
error</td></tr></tbody></table></div><h3><a
name="virConnectListDomains"
id="virConnectListDomains"><code>virConnectListDomains</code></a></h3><pre
class="programlisting">int virConnectListDomains (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> int * ids, <br /> int maxids)<br />
</pre><p>Collect the list of active domains, and store their ID in
@maxids</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>ids</tt></i>:</span></td><td>array
to collect the list of IDs of active
domains</td></tr><tr><td><span
class="term"><i><tt>maxids</tt></i>:</span></td><td>size
of @ids</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListInterfaces"
id="virConnectListInterfaces"><code>virConnectListInterfaces</code></a></h3><pre
class="programlisting">int virConnectListInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
-</pre><p>Collect the list of physical host interfaces, and store their names
in @names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of
interfaces</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interfaces found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListNetworks"
id="virConnectListNetworks"><code>virConnectListNetworks</code></a></h3><pre
class="programlisting">int virConnectListNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
+</pre><p>Collect the list of active physical host interfaces, and store their
names in @names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of
interfaces</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interfaces found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListNetworks"
id="virConnectListNetworks"><code>virConnectListNetworks</code></a></h3><pre
class="programlisting">int virConnectListNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
</pre><p>Collect the list of active networks, and store their names in
@names</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of names of active
networks</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of networks found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectListStoragePools"
id="virConnectListStoragePools"><code>virConnectListStoragePools</code></a></h3><pre
class="programlisting">int virConnectListStoragePools (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** const names, <br /> int maxnames)<br />
</pre><p>Provides the list of names of active storage pools upto maxnames. If
there are more than maxnames, the remaining names will be silently
ignored.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
of char * to fill with pool names (allocated by
caller)</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of the names array</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDefinedDomains"
id="virConnectNumOfDefinedDomains"><code>virConnectNumOfDefinedDomains</code></a></h3><pre
class="programlisting">int virConnectNumOfDefinedDomains (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
-</pre><p>Provides the number of defined but inactive
domains.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDefinedNetworks"
id="virConnectNumOfDefinedNetworks"><code>virConnectNumOfDefinedNetworks</code></a></h3><pre
class="programlisting">int virConnectNumOfDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>Provides the number of defined but inactive
domains.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDefinedInterfaces"
id="virConnectNumOfDefinedInterfaces"><code>virConnectNumOfDefinedInterfaces</code></a></h3><pre
class="programlisting">int virConnectNumOfDefinedInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>Provides the number of defined (inactive) interfaces on the physical
host.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of defined interface found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDefinedNetworks"
id="virConnectNumOfDefinedNetworks"><code>virConnectNumOfDefinedNetworks</code></a></h3><pre
class="programlisting">int virConnectNumOfDefinedNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provides the number of inactive networks.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of networks found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDefinedStoragePools"
id="virConnectNumOfDefinedStoragePools"><code>virConnectNumOfDefinedStoragePools</code></a></h3><pre
class="programlisting">int virConnectNumOfDefinedStoragePools (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provides the number of inactive storage pools</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of pools found, or -1 on
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfDomains"
id="virConnectNumOfDomains"><code>virConnectNumOfDomains</code></a></h3><pre
class="programlisting">int virConnectNumOfDomains (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provides the number of active domains.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of domain found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfInterfaces"
id="virConnectNumOfInterfaces"><code>virConnectNumOfInterfaces</code></a></h3><pre
class="programlisting">int virConnectNumOfInterfaces (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
-</pre><p>Provides the number of interfaces on the physical
host.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of interface found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfNetworks"
id="virConnectNumOfNetworks"><code>virConnectNumOfNetworks</code></a></h3><pre
class="programlisting">int virConnectNumOfNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>Provides the number of active interfaces on the physical
host.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of active interfaces found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfNetworks"
id="virConnectNumOfNetworks"><code>virConnectNumOfNetworks</code></a></h3><pre
class="programlisting">int virConnectNumOfNetworks (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provides the number of active networks.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of network found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virConnectNumOfStoragePools"
id="virConnectNumOfStoragePools"><code>virConnectNumOfStoragePools</code></a></h3><pre
class="programlisting">int virConnectNumOfStoragePools (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provides the number of active storage pools</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of pools found, or -1 on
error</td></tr></tbody></table></div><h3><a
name="virConnectOpen"
id="virConnectOpen"><code>virConnectOpen</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpen (const
char * name)<br />
-</pre><p>This function should be called first to get a connection to the
Hypervisor and xen store</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
name="virConnectOpenAuth"
id="virConnectOpenAuth"><code>virConnectOpenAuth</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenAuth (const
char * name, <br /> <a
href="libvirt-libvirt.html#virConnectAuthPtr">virConnectAuthPtr</a>
auth, <br /> int flags)<br />
-</pre><p>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>auth</tt></i>:</span></td><td>Authenticate
callback parameters</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>Open
flags</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
name="virConnectOpenReadOnly"
id="virConnectOpenReadOnly"><code>virConnectOpenReadOnly</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenReadOnly (const
char * name)<br!
/>
-</pre><p>This function should be called first to get a restricted connection
to the library functionalities. The set of APIs usable are then restricted on the
available methods to control the domains.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
name="virConnectRef"
id="virConnectRef"><code>virConnectRef</code></a></h3><pre
class="programlisting">int virConnectRef (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>This function should be called first to get a connection to the
Hypervisor and xen store</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error If @name is NULL then
probing will be done to determine a suitable default driver to activate. This involves
trying each hypervisor in turn until one successfully opens. If the LIBVIRT_DEFAULT_URI
environment variable is set, then it will be used in preference to probing for a driver.
If connecting to an unprivileged hypervisor driver which requires the libvirtd daemon to
be active, it will automatically be launched if not already running. This can be prevented
by setting the environment variable LIBVIRT_AUTOSTART=0 URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody>!
</table></div><h3><a name="virConnectOpenAuth"
id="virConnectOpenAuth"><code>virConnectOpenAuth</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenAuth (const
char * name, <br /> <a
href="libvirt-libvirt.html#virConnectAuthPtr">virConnectAuthPtr</a>
auth, <br /> int flags)<br />
+</pre><p>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback See <a
href="libvirt-libvirt.html#virConnectOpen">virConnectOpen</a> for notes
about environment variables which can have an effect on opening drivers</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>auth</tt></i>:</span></td><td>Authenticate
callback parameters</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>Open
flags</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
name="virConnectOpenReadOnly"
id="virConnectOpenReadOnly"><code>virConnectOpenReadOnly<!
/code></a></h3><pre class="programlisting"><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> virConnectOpenReadOnly (const
char * name)<br />
+</pre><p>This function should be called first to get a restricted connection
to the library functionalities. The set of APIs usable are then restricted on the
available methods to control the domains. See <a
href="libvirt-libvirt.html#virConnectOpen">virConnectOpen</a> for notes
about environment variables which can have an effect on opening drivers</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>name</tt></i>:</span></td><td>URI
of the hypervisor</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the hypervisor connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html</td></tr></tbody></table...
name="virConnectRef"
id="virConnectRef"><code>virConnectRef</code></a></h3><pre
class="programlisting">int virConnectRef (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Increment the reference count on the connection. For each additional
call to this method, there shall be a corresponding call to <a
href="libvirt-libvirt.html#virConnectClose">virConnectClose</a> to
release the reference count, once the caller no longer needs the reference to this object.
This method is typically useful for applications where multiple threads are using a
connection, and it is required that the connection remain open until all threads have
finished using it. ie, each new thread using a connection would increment the reference
count.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>the
connection to hold a reference on</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success, -1 in case of
failure</td></tr></tbody></table></div><h3><a
name="virDomainAttachDevice"
id="virDomainAttachDevice"><code>virDomainAttachDevice</code>!
</a></h3><pre
class="programlisting">int virDomainAttachDevice (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain,
<br /> const char * xml)<br />
</pre><p>Create a virtual device attachment to backend.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>domain</tt></i>:</span></td><td>pointer
to domain object</td></tr><tr><td><span
class="term"><i><tt>xml</tt></i>:</span></td><td>pointer
to XML description of one device</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success, -1 in case of
failure.</td></tr></tbody></table></div><h3><a
name="virDomainBlockPeek"
id="virDomainBlockPeek"><code>virDomainBlockPeek</code></a></h3><pre
class="programlisting">int virDomainBlockPeek (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> dom, <br
/> const char * path, <br /> unsigned long long offset, <br
/> size_t size, <br /> void * buffer, <br /> unsigned int
flags)<br />
</pre><p>This function allows you to read the contents of a domain's disk
device. Typical uses for this are to determine if the domain has written a Master Boot
Record (indicating that the domain has completed installation), or to try to work out the
state of the domain's filesystems. (Note that in the local case you might try to open
the block device or file directly, but that won't work in the remote case, nor if you
don't have sufficient permission. Hence the need for this call). 'path' must
be a device or file corresponding to the domain. In other words it must be the precise
string returned in a <disk><source
dev='...'/></disk> from virDomainGetXMLDesc. 'offset'
and 'size' represent an area which must lie entirely within the device or file.
'size' may be 0 to test if the call would succeed. 'buffer' is the return
buffer and must be at least 'size' bytes. NB. The remote driver imposes a 64K byte
limit on 'size'. For your program to be able to work reli!
ably over a remote connection you should split large requests to <= 65536
bytes.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>dom</tt></i>:</span></td><td>pointer
to the domain object</td></tr><tr><td><span
class="term"><i><tt>path</tt></i>:</span></td><td>path
to the block device</td></tr><tr><td><span
class="term"><i><tt>offset</tt></i>:</span></td><td>offset
within block device</td></tr><tr><td><span
class="term"><i><tt>size</tt></i>:</span></td><td>size
to read</td></tr><tr><td><span
class="term"><i><tt>buffer</tt></i>:</span></td><td>return
buffer (must be at least size bytes)</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>unused,
always pass 0</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success or -1 in case of failure. really 64
bits</td></tr></tbody></table></div><h3><a
name="virDomainBlockStats"
id="virDomainBlockStats"><code>vir!
DomainBlockStats</code></a></h3><pre
class="programlisting">int virDom
ainBlockStats (<a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> dom, <br
/> const char * path, <br /> <a
href="libvirt-libvirt.html#virDomainBlockStatsPtr">virDomainBlockStatsPtr</a>
stats, <br /> size_t size)<br />
@@ -518,7 +530,15 @@ int <a
href="#virStorageVolRef">virStorageVolRef</a> (<a
href="libvirt-libvirt.
</pre><p>Extract hardware information about the node.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>info</tt></i>:</span></td><td>pointer
to a <a href="libvirt-libvirt.html#virNodeInfo">virNodeInfo</a>
structure allocated by the user</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success and -1 in case of
failure.</td></tr></tbody></table></div><h3><a
name="virNodeGetSecurityModel"
id="virNodeGetSecurityModel"><code>virNodeGetSecurityModel</code></a></h3><pre
class="programlisting">int virNodeGetSecurityModel (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> <a
href="libvirt-libvirt.html#virSecurityModelPtr">virSecurityModelPtr</a>
secmodel)<br />
</pre><p>Extract the security model of a hypervisor. The 'model'
field in the @secmodel argument may be initialized to the empty string if the driver has
not activated a security model.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>a
connection object</td></tr><tr><td><span
class="term"><i><tt>secmodel</tt></i>:</span></td><td>pointer
to a <a
href="libvirt-libvirt.html#virSecurityModel">virSecurityModel</a>
structure</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success, -1 in case of
failure</td></tr></tbody></table></div><h3><a
name="virNodeListDevices"
id="virNodeListDevices"><code>virNodeListDevices</code></a></h3><pre
class="programlisting">int virNodeListDevices (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * cap, <br /> char ** const names, <br
/> int maxnames, <br /> unsi!
gned int flags)<br />
</pre><p>Collect the list of node devices, and store their names in @names If
the optional 'cap' argument is non-NULL, then the count will be restricted to
devices with the specified capability</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>cap</tt></i>:</span></td><td>capability
name</td></tr><tr><td><span
class="term"><i><tt>names</tt></i>:</span></td><td>array
to collect the list of node device names</td></tr><tr><td><span
class="term"><i><tt>maxnames</tt></i>:</span></td><td>size
of @names</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
(unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of node devices found or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virNodeNumOfDevices" id="virNodeNumOfDevices"!
<code>virNodeNumOfDevices</code></a></h3><pre
class="programlisting">int virNodeNumOfDevices (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * cap, <br /> unsigned int flags)<br />
-</pre><p>Provides the number of node devices. If the optional
'cap' argument is non-NULL, then the count will be restricted to devices with the
specified capability</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>cap</tt></i>:</span></td><td>capability
name</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
(unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of node devices or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virStoragePoolBuild"
id="virStoragePoolBuild"><code>virStoragePoolBuild</code></a></h3><pre
class="programlisting">int virStoragePoolBuild (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> unsigned int flags)<br />
+</pre><p>Provides the number of node devices. If the optional 'cap'
argument is non-NULL, then the count will be restricted to devices with the specified
capability</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>cap</tt></i>:</span></td><td>capability
name</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
(unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of node devices or -1 in case of
error</td></tr></tbody></table></div><h3><a
name="virSecretAllocateID"
id="virSecretAllocateID"><code>virSecretAllocateID</code></a></h3><pre
class="programlisting">char * virSecretAllocateID (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>Allocates a secret ID (a printable string) without associating a
secret value with the ID.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
secret ID on success, or NULL on failure. The caller must free() the secret
ID.</td></tr></tbody></table></div><h3><a
name="virSecretDelete"
id="virSecretDelete"><code>virSecretDelete</code></a></h3><pre
class="programlisting">int virSecretDelete (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id)<br />
+</pre><p>Deletes the secret with secret_id (including the secret value and
all attributes).</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div><h3><a
name="virSecretGetValue"
id="virSecretGetValue"><code>virSecretGetValue</code></a></h3><pre
class="programlisting">void * virSecretGetValue (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> size_t * secret_size)<br
/>
+</pre><p>Fetches the secret value associated with secret_id.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>secret_size</tt></i>:</span></td><td>Place
for storing size of the secret</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
secret value on success, NULL on failure. The caller must free() the secret
value.</td></tr></tbody></table></div><h3><a
name="virSecretGetXML"
id="virSecretGetXML"><code>virSecretGetXML</code></a></h3><pre
class="programlisting">char * virSecretGetXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id)<br />
+</pre><p>Fetches an XML document describing attributes of the
secret.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
XML document on success, NULL on failure. The caller must free() the
XML.</td></tr></tbody></table></div><h3><a
name="virSecretListSecrets"
id="virSecretListSecrets"><code>virSecretListSecrets</code></a></h3><pre
class="programlisting">int virSecretListSecrets (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> char ** ids, <br /> int maxids)<br />
+</pre><p>List the defined secret IDs, store pointers to names in
ids.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>ids</tt></i>:</span></td><td>Pointer
to an array to store the IDs</td></tr><tr><td><span
class="term"><i><tt>maxids</tt></i>:</span></td><td>size
of the array.</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number of IDs provided in the array, or -1 on
failure.</td></tr></tbody></table></div><h3><a
name="virSecretNumOfSecrets"
id="virSecretNumOfSecrets"><code>virSecretNumOfSecrets</code></a></h3><pre
class="programlisting">int virSecretNumOfSecrets (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
+</pre><p>Fetch number of currently defined secret IDs.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
number currently defined secret
IDs.</td></tr></tbody></table></div><h3><a
name="virSecretSetValue"
id="virSecretSetValue"><code>virSecretSetValue</code></a></h3><pre
class="programlisting">int virSecretSetValue (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> const void * secret, <br
/> size_t secret_size)<br />
+</pre><p>Associates a secret value with secret_id. Allocates secret_id if it
was not previously allocated.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>secret</tt></i>:</span></td><td>The
secret</td></tr><tr><td><span
class="term"><i><tt>secret_size</tt></i>:</span></td><td>Size
of the secret</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div><h3><a
name="virSecretSetXML"
id="virSecretSetXML"><code>virSecretSetXML</code></a></h3><pre
class="programlisting">int virSecretSetXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * secret_id, <br /> const ch!
ar * xml)<br />
+</pre><p>Replaces all attributes of the secret specified by secret_id by
attributes specified in xml (any attributes not specified in xml are discarded). Allocates
secret_id if it was not previously allocated.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td><a
href="libvirt-libvirt.html#virConnect">virConnect</a>
connection</td></tr><tr><td><span
class="term"><i><tt>secret_id</tt></i>:</span></td><td>A
secret ID</td></tr><tr><td><span
class="term"><i><tt>xml</tt></i>:</span></td><td>XML
containing attributes of the secret.</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure.</td></tr></tbody></table></div><h3><a
name="virStoragePoolBuild"
id="virStoragePoolBuild"><code>virStoragePoolBuild</code></a></h3><pre
class="programlisting">int virStoragePoolBuild (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <b!
r /> unsigned int flags)<br />
</pre><p>Build the underlying storage pool</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>future
flags, use 0 for now</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, or -1 upon
failure</td></tr></tbody></table></div><h3><a
name="virStoragePoolCreate"
id="virStoragePoolCreate"><code>virStoragePoolCreate</code></a></h3><pre
class="programlisting">int virStoragePoolCreate (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> unsigned int flags)<br />
</pre><p>Starts an inactive storage pool</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>future
flags, use 0 for now</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, or -1 if it could not be
started</td></tr></tbody></table></div><h3><a
name="virStoragePoolCreateXML"
id="virStoragePoolCreateXML"><code>virStoragePoolCreateXML</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a> virStoragePoolCreateXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * xmlDesc, <br /> unsigned int flags)<br
/>
</pre><p>Create a new storage based on its XML description. The pool is not
persistent, so its definition will disappear when it is destroyed, or if the host is
restarted</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>xmlDesc</tt></i>:</span></td><td>XML
description for new pool</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>future
flags, use 0 for now</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
object, or NULL if creation
failed</td></tr></tbody></table></div><h3><a
name="virStoragePoolDefineXML"
id="virStoragePoolDefineXML"><code>virStoragePoolDefineXML</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a> virStoragePoo!
lDefineXML (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> const char * xml, <br /> unsigned int flags)<br />
@@ -542,7 +562,7 @@ int <a
href="#virStorageVolRef">virStorageVolRef</a> (<a
href="libvirt-libvirt.
</pre><p>Increment the reference count on the pool. For each additional call
to this method, there shall be a corresponding call to <a
href="libvirt-libvirt.html#virStoragePoolFree">virStoragePoolFree</a>
to release the reference count, once the caller no longer needs the reference to this
object. This method is typically useful for applications where multiple threads are using
a connection, and it is required that the connection remain open until all threads have
finished using it. ie, each new thread using a pool would increment the reference
count.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>the
pool to hold a reference on</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
in case of success, -1 in case of
failure.</td></tr></tbody></table></div><h3><a
name="virStoragePoolRefresh"
id="virStoragePoolRefresh"><code>virStoragePoolRefresh</code></a></h3><p!
re class="programlisting">int virStoragePoolRefresh (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> unsigned int flags)<br />
</pre><p>Request that the pool refresh its list of volumes. This may involve
communicating with a remote server, and/or initializing new devices at the OS
layer</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
to control refresh behaviour (currently unused, use
0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
if the volume list was refreshed, -1 on
failure</td></tr></tbody></table></div><h3><a
name="virStoragePoolSetAutostart"
id="virStoragePoolSetAutostart"><code>virStoragePoolSetAutostart</code></a></h3><pre
class="programlisting">int virStoragePoolSetAutostart (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> int autostart)<br />
</pre><p>Sets the autostart flag</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>autostart</tt></i>:</span></td><td>new
flag setting</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure</td></tr></tbody></table></div><h3><a
name="virStoragePoolUndefine"
id="virStoragePoolUndefine"><code>virStoragePoolUndefine</code></a></h3><pre
class="programlisting">int virStoragePoolUndefine (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool)<br />
-</pre><p>Undefine an inactive storage pool</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
object, or NULL if creation
failed</td></tr></tbody></table></div><h3><a
name="virStorageVolCreateXML"
id="virStorageVolCreateXML"><code>virStorageVolCreateXML</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> virStorageVolCreateXML (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> const char * xmldesc, <br /> unsigned int
flags)<br />
+</pre><p>Undefine an inactive storage pool</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, -1 on
failure</td></tr></tbody></table></div><h3><a
name="virStorageVolCreateXML"
id="virStorageVolCreateXML"><code>virStorageVolCreateXML</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> virStorageVolCreateXML (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> const char * xmldesc, <br /> unsigned int
flags)<br />
</pre><p>Create a storage volume within a pool based on an XML description.
Not all pools support creation of volumes</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to storage pool</td></tr><tr><td><span
class="term"><i><tt>xmldesc</tt></i>:</span></td><td>description
of volume to create</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
for creation (unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
storage volume, or NULL on
error</td></tr></tbody></table></div><h3><a
name="virStorageVolCreateXMLFrom"
id="virStorageVolCreateXMLFrom"><code>virStorageVolCreateXMLFrom</code></a></h3><pre
class="programlisting"><a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> virStorageVolCreateXMLFrom (<a
href="libvirt-libvirt.html#virStoragePoolPtr">virStoragePoolPtr</a>
pool, <br /> const cha!
r * xmldesc, <br /> <a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
clonevol, <br /> unsigned int flags)<br />
</pre><p>Create a storage volume in the parent pool, using the
'clonevol' volume as input. Information for the new volume (name, perms) are
passed via a typical volume XML description.</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>pool</tt></i>:</span></td><td>pointer
to parent pool for the new volume</td></tr><tr><td><span
class="term"><i><tt>xmldesc</tt></i>:</span></td><td>description
of volume to create</td></tr><tr><td><span
class="term"><i><tt>clonevol</tt></i>:</span></td><td>storage
volume to use as input</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>flags
for creation (unused, pass 0)</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>the
storage volume, or NULL on
error</td></tr></tbody></table></div><h3><a
name="virStorageVolDelete"
id="virStorageVolDelete"><code>virStorageVolDelete</code></a></h3><pre
class="programlisting">int virStorageVolDelete !
(<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a> vol,
<br /> unsigned int flags)<br />
</pre><p>Delete the storage volume from the pool</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>vol</tt></i>:</span></td><td>pointer
to storage volume</td></tr><tr><td><span
class="term"><i><tt>flags</tt></i>:</span></td><td>future
flags, use 0 for now</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>0
on success, or -1 on
error</td></tr></tbody></table></div><h3><a
name="virStorageVolFree"
id="virStorageVolFree"><code>virStorageVolFree</code></a></h3><pre
class="programlisting">int virStorageVolFree (<a
href="libvirt-libvirt.html#virStorageVolPtr">virStorageVolPtr</a>
vol)<br />
diff --git a/docs/html/libvirt-virterror.html b/docs/html/libvirt-virterror.html
index 93415bf..d76acff 100644
--- a/docs/html/libvirt-virterror.html
+++ b/docs/html/libvirt-virterror.html
@@ -27,11 +27,11 @@ void <a
href="#virSetErrorFunc">virSetErrorFunc</a> (void * userData, <br
/>
</pre><table><tr><td>int</td><td>code</td><td>
: The error code, a <a
href="libvirt-virterror.html#virErrorNumber">virErrorNumber</a></td></tr><tr><td>int</td><td>domain</td><td>
: What part of the library raised this error</td></tr><tr><td>char
*</td><td>message</td><td> : human-readable informative error
message</td></tr><tr><td><a
href="libvirt-virterror.html#virErrorLevel">virErrorLevel</a></td><td>level</td><td>
: how consequent is the error</td></tr><tr><td><a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a></td><td>conn</td><td>
: connection if available, deprecated see note
above</td></tr><tr><td><a
href="libvirt-libvirt.html#virDomainPtr">virDomainPtr</a></td><td>dom</td><td>
: domain if available, deprecated see note
above</td></tr><tr><td>char
*</td><td>str1</td><td> : extra string
information</td></tr><tr><td>char
*</td><td>str2</td><td> : extra string
information</td></tr><tr><td>char
*</td><td>str3</td><td> : extra string
information</td></tr><tr><t!
d>int</td><td>int1</td><td> : extra number
information</td></tr><tr><td>int</td><td>int2</td><td>
: extra number information</td></tr><tr><td><a
href="libvirt-libvirt.html#virNetworkPtr">virNetworkPtr</a></td><td>net</td><td>
: network if available, deprecated see note
above</td></tr></table><pre>
}
</pre></div><h3><a name="virErrorDomain"
id="virErrorDomain"><code>virErrorDomain</code></a></h3><div
class="api"><pre>enum virErrorDomain {
-</pre><table><tr><td><a name="VIR_FROM_NONE"
id="VIR_FROM_NONE">VIR_FROM_NONE</a></td><td> =
</td><td>0</td></tr><tr><td><a
name="VIR_FROM_XEN"
id="VIR_FROM_XEN">VIR_FROM_XEN</a></td><td> =
</td><td>1</td><td> : Error at Xen hypervisor
layer</td></tr><tr><td><a name="VIR_FROM_XEND"
id="VIR_FROM_XEND">VIR_FROM_XEND</a></td><td> =
</td><td>2</td><td> : Error at connection with xend
daemon</td></tr><tr><td><a name="VIR_FROM_XENSTORE"
id="VIR_FROM_XENSTORE">VIR_FROM_XENSTORE</a></td><td> =
</td><td>3</td><td> : Error at connection with xen
store</td></tr><tr><td><a name="VIR_FROM_SEXPR"
id="VIR_FROM_SEXPR">VIR_FROM_SEXPR</a></td><td> =
</td><td>4</td><td> : Error in the S-Expression
code</td></tr><tr><td><a name="VIR_FROM_XML"
id="VIR_FROM_XML">VIR_FROM_XML</a></td><td> =
</td><td>5</td><td> : Error in the XML
code</td></tr><tr><td><a name="VIR_FROM_DOM"
id="VIR_FROM_DOM">VIR_FROM_DOM</a></td><td> =
</td><td>6</td><td> : Error when operating on a
domain</td></tr><tr><td><a name!
="VIR_FROM_RPC"
id="VIR_FROM_RPC">VIR_FROM_RPC</a></td><td> =
</td><td>7</td><td> : Error in the XML-RPC
code</td></tr><tr><td><a name="VIR_FROM_PROXY"
id="VIR_FROM_PROXY">VIR_FROM_PROXY</a></td><td> =
</td><td>8</td><td> : Error in the proxy
code</td></tr><tr><td><a name="VIR_FROM_CONF"
id="VIR_FROM_CONF">VIR_FROM_CONF</a></td><td> =
</td><td>9</td><td> : Error in the configuration file
handling</td></tr><tr><td><a name="VIR_FROM_QEMU"
id="VIR_FROM_QEMU">VIR_FROM_QEMU</a></td><td> =
</td><td>10</td><td> : Error at the QEMU
daemon</td></tr><tr><td><a name="VIR_FROM_NET"
id="VIR_FROM_NET">VIR_FROM_NET</a></td><td> =
</td><td>11</td><td> : Error when operating on a
network</td></tr><tr><td><a name="VIR_FROM_TEST"
id="VIR_FROM_TEST">VIR_FROM_TEST</a></td><td> =
</td><td>12</td><td> : Error from test
driver</td></tr><tr><td><a name="VIR_FROM_REMOTE"
id="VIR_FROM_REMOTE">VIR_FROM_REMOTE</a></td><td> =
</td><td>13</td><td> : Error from remote
driver</td></tr><tr><td><a name="VIR_!
FROM_OPENVZ"
id="VIR_FROM_OPENVZ">VIR_FROM_OPENVZ</a></td><td> =
</td>
<td>14</td><td> : Error from OpenVZ
driver</td></tr><tr><td><a name="VIR_FROM_XENXM"
id="VIR_FROM_XENXM">VIR_FROM_XENXM</a></td><td> =
</td><td>15</td><td> : Error at Xen XM
layer</td></tr><tr><td><a name="VIR_FROM_STATS_LINUX"
id="VIR_FROM_STATS_LINUX">VIR_FROM_STATS_LINUX</a></td><td>
= </td><td>16</td><td> : Error in the Linux Stats
code</td></tr><tr><td><a name="VIR_FROM_LXC"
id="VIR_FROM_LXC">VIR_FROM_LXC</a></td><td> =
</td><td>17</td><td> : Error from Linux Container
driver</td></tr><tr><td><a name="VIR_FROM_STORAGE"
id="VIR_FROM_STORAGE">VIR_FROM_STORAGE</a></td><td> =
</td><td>18</td><td> : Error from storage
driver</td></tr><tr><td><a name="VIR_FROM_NETWORK"
id="VIR_FROM_NETWORK">VIR_FROM_NETWORK</a></td><td> =
</td><td>19</td><td> : Error from network
config</td></tr><tr><td><a name="VIR_FROM_DOMAIN"
id="VIR_FROM_DOMAIN">VIR_FROM_DOMAIN</a></td><td> =
</td><td>20</td><td> : Error from domain
config</td></tr><tr><td><a name="VIR_FROM_UML"
id="VIR_FROM_UML">VIR_FROM!
_UML</a></td><td> = </td><td>21</td><td> :
Error at the UML driver</td></tr><tr><td><a
name="VIR_FROM_NODEDEV"
id="VIR_FROM_NODEDEV">VIR_FROM_NODEDEV</a></td><td> =
</td><td>22</td><td> : Error from node device
monitor</td></tr><tr><td><a
name="VIR_FROM_XEN_INOTIFY"
id="VIR_FROM_XEN_INOTIFY">VIR_FROM_XEN_INOTIFY</a></td><td>
= </td><td>23</td><td> : Error from xen inotify
layer</td></tr><tr><td><a name="VIR_FROM_SECURITY"
id="VIR_FROM_SECURITY">VIR_FROM_SECURITY</a></td><td> =
</td><td>24</td><td> : Error from security
framework</td></tr><tr><td><a name="VIR_FROM_VBOX"
id="VIR_FROM_VBOX">VIR_FROM_VBOX</a></td><td> =
</td><td>25</td><td> : Error from VirtualBox
driver</td></tr><tr><td><a name="VIR_FROM_INTERFACE"
id="VIR_FROM_INTERFACE">VIR_FROM_INTERFACE</a></td><td> =
</td><td>26</td><td> : Error when operating on an
interface</td></tr><tr><td><a name="VIR_FROM_ONE"
id="VIR_FROM_ONE">VIR_FROM_ONE</a></td><td> =
</td><td>27</td><td> : Error from OpenNebula
driver</td></tr><!
/table><pre>}
+</pre><table><tr><td><a name="VIR_FROM_NONE"
id="VIR_FROM_NONE">VIR_FROM_NONE</a></td><td> =
</td><td>0</td></tr><tr><td><a
name="VIR_FROM_XEN"
id="VIR_FROM_XEN">VIR_FROM_XEN</a></td><td> =
</td><td>1</td><td> : Error at Xen hypervisor
layer</td></tr><tr><td><a name="VIR_FROM_XEND"
id="VIR_FROM_XEND">VIR_FROM_XEND</a></td><td> =
</td><td>2</td><td> : Error at connection with xend
daemon</td></tr><tr><td><a name="VIR_FROM_XENSTORE"
id="VIR_FROM_XENSTORE">VIR_FROM_XENSTORE</a></td><td> =
</td><td>3</td><td> : Error at connection with xen
store</td></tr><tr><td><a name="VIR_FROM_SEXPR"
id="VIR_FROM_SEXPR">VIR_FROM_SEXPR</a></td><td> =
</td><td>4</td><td> : Error in the S-Expression
code</td></tr><tr><td><a name="VIR_FROM_XML"
id="VIR_FROM_XML">VIR_FROM_XML</a></td><td> =
</td><td>5</td><td> : Error in the XML
code</td></tr><tr><td><a name="VIR_FROM_DOM"
id="VIR_FROM_DOM">VIR_FROM_DOM</a></td><td> =
</td><td>6</td><td> : Error when operating on a
domain</td></tr><tr><td><a name!
="VIR_FROM_RPC"
id="VIR_FROM_RPC">VIR_FROM_RPC</a></td><td> =
</td><td>7</td><td> : Error in the XML-RPC
code</td></tr><tr><td><a name="VIR_FROM_PROXY"
id="VIR_FROM_PROXY">VIR_FROM_PROXY</a></td><td> =
</td><td>8</td><td> : Error in the proxy
code</td></tr><tr><td><a name="VIR_FROM_CONF"
id="VIR_FROM_CONF">VIR_FROM_CONF</a></td><td> =
</td><td>9</td><td> : Error in the configuration file
handling</td></tr><tr><td><a name="VIR_FROM_QEMU"
id="VIR_FROM_QEMU">VIR_FROM_QEMU</a></td><td> =
</td><td>10</td><td> : Error at the QEMU
daemon</td></tr><tr><td><a name="VIR_FROM_NET"
id="VIR_FROM_NET">VIR_FROM_NET</a></td><td> =
</td><td>11</td><td> : Error when operating on a
network</td></tr><tr><td><a name="VIR_FROM_TEST"
id="VIR_FROM_TEST">VIR_FROM_TEST</a></td><td> =
</td><td>12</td><td> : Error from test
driver</td></tr><tr><td><a name="VIR_FROM_REMOTE"
id="VIR_FROM_REMOTE">VIR_FROM_REMOTE</a></td><td> =
</td><td>13</td><td> : Error from remote
driver</td></tr><tr><td><a name="VIR_!
FROM_OPENVZ"
id="VIR_FROM_OPENVZ">VIR_FROM_OPENVZ</a></td><td> =
</td>
<td>14</td><td> : Error from OpenVZ
driver</td></tr><tr><td><a name="VIR_FROM_XENXM"
id="VIR_FROM_XENXM">VIR_FROM_XENXM</a></td><td> =
</td><td>15</td><td> : Error at Xen XM
layer</td></tr><tr><td><a name="VIR_FROM_STATS_LINUX"
id="VIR_FROM_STATS_LINUX">VIR_FROM_STATS_LINUX</a></td><td>
= </td><td>16</td><td> : Error in the Linux Stats
code</td></tr><tr><td><a name="VIR_FROM_LXC"
id="VIR_FROM_LXC">VIR_FROM_LXC</a></td><td> =
</td><td>17</td><td> : Error from Linux Container
driver</td></tr><tr><td><a name="VIR_FROM_STORAGE"
id="VIR_FROM_STORAGE">VIR_FROM_STORAGE</a></td><td> =
</td><td>18</td><td> : Error from storage
driver</td></tr><tr><td><a name="VIR_FROM_NETWORK"
id="VIR_FROM_NETWORK">VIR_FROM_NETWORK</a></td><td> =
</td><td>19</td><td> : Error from network
config</td></tr><tr><td><a name="VIR_FROM_DOMAIN"
id="VIR_FROM_DOMAIN">VIR_FROM_DOMAIN</a></td><td> =
</td><td>20</td><td> : Error from domain
config</td></tr><tr><td><a name="VIR_FROM_UML"
id="VIR_FROM_UML">VIR_FROM!
_UML</a></td><td> = </td><td>21</td><td> :
Error at the UML driver</td></tr><tr><td><a
name="VIR_FROM_NODEDEV"
id="VIR_FROM_NODEDEV">VIR_FROM_NODEDEV</a></td><td> =
</td><td>22</td><td> : Error from node device
monitor</td></tr><tr><td><a
name="VIR_FROM_XEN_INOTIFY"
id="VIR_FROM_XEN_INOTIFY">VIR_FROM_XEN_INOTIFY</a></td><td>
= </td><td>23</td><td> : Error from xen inotify
layer</td></tr><tr><td><a name="VIR_FROM_SECURITY"
id="VIR_FROM_SECURITY">VIR_FROM_SECURITY</a></td><td> =
</td><td>24</td><td> : Error from security
framework</td></tr><tr><td><a name="VIR_FROM_VBOX"
id="VIR_FROM_VBOX">VIR_FROM_VBOX</a></td><td> =
</td><td>25</td><td> : Error from VirtualBox
driver</td></tr><tr><td><a name="VIR_FROM_INTERFACE"
id="VIR_FROM_INTERFACE">VIR_FROM_INTERFACE</a></td><td> =
</td><td>26</td><td> : Error when operating on an
interface</td></tr><tr><td><a name="VIR_FROM_ONE"
id="VIR_FROM_ONE">VIR_FROM_ONE</a></td><td> =
</td><td>27</td><td> : Error from OpenNebula
driver</td></tr><!
tr><td><a name="VIR_FROM_ESX"
id="VIR_FROM_ESX">VIR_FROM_ESX</a></td><
td> = </td><td>28</td><td> : Error from ESX
driver</td></tr><tr><td><a name="VIR_FROM_PHYP"
id="VIR_FROM_PHYP">VIR_FROM_PHYP</a></td><td> =
</td><td>29</td><td> : Error from IBM power
hypervisor</td></tr><tr><td><a name="VIR_FROM_SECRET"
id="VIR_FROM_SECRET">VIR_FROM_SECRET</a></td><td> =
</td><td>30</td><td> : Error from secret
storage</td></tr></table><pre>}
</pre></div><h3><a name="virErrorLevel"
id="virErrorLevel"><code>virErrorLevel</code></a></h3><div
class="api"><pre>enum virErrorLevel {
</pre><table><tr><td><a name="VIR_ERR_NONE"
id="VIR_ERR_NONE">VIR_ERR_NONE</a></td><td> =
</td><td>0</td></tr><tr><td><a
name="VIR_ERR_WARNING"
id="VIR_ERR_WARNING">VIR_ERR_WARNING</a></td><td> =
</td><td>1</td><td> : A simple
warning</td></tr><tr><td><a name="VIR_ERR_ERROR"
id="VIR_ERR_ERROR">VIR_ERR_ERROR</a></td><td> =
</td><td>2</td><td> : An
error</td></tr></table><pre>}
</pre></div><h3><a name="virErrorNumber"
id="virErrorNumber"><code>virErrorNumber</code></a></h3><div
class="api"><pre>enum virErrorNumber {
-</pre><table><tr><td><a name="VIR_ERR_OK"
id="VIR_ERR_OK">VIR_ERR_OK</a></td><td> =
</td><td>0</td></tr><tr><td><a
name="VIR_ERR_INTERNAL_ERROR"
id="VIR_ERR_INTERNAL_ERROR">VIR_ERR_INTERNAL_ERROR</a></td><td>
= </td><td>1</td><td> : internal
error</td></tr><tr><td><a name="VIR_ERR_NO_MEMORY"
id="VIR_ERR_NO_MEMORY">VIR_ERR_NO_MEMORY</a></td><td> =
</td><td>2</td><td> : memory allocation
failure</td></tr><tr><td><a name="VIR_ERR_NO_SUPPORT"
id="VIR_ERR_NO_SUPPORT">VIR_ERR_NO_SUPPORT</a></td><td> =
</td><td>3</td><td> : no support for this
function</td></tr><tr><td><a
name="VIR_ERR_UNKNOWN_HOST"
id="VIR_ERR_UNKNOWN_HOST">VIR_ERR_UNKNOWN_HOST</a></td><td>
= </td><td>4</td><td> : could not resolve
hostname</td></tr><tr><td><a
name="VIR_ERR_NO_CONNECT"
id="VIR_ERR_NO_CONNECT">VIR_ERR_NO_CONNECT</a></td><td> =
</td><td>5</td><td> : can't connect to
hypervisor</td></tr><tr><td><a
name="VIR_ERR_INVALID_CONN"
id="VIR_ERR_INVALID_CONN">VIR_ERR_INVALID_CONN</a></td><td>
= </td><td>6</t!
d><td> : invalid connection
object</td></tr><tr><td><a
name="VIR_ERR_INVALID_DOMAIN"
id="VIR_ERR_INVALID_DOMAIN">VIR_ERR_INVALID_DOMAIN</a></td><td>
= </td><td>7</td><td> : invalid domain
object</td></tr><tr><td><a name="VIR_ERR_INVALID_ARG"
id="VIR_ERR_INVALID_ARG">VIR_ERR_INVALID_ARG</a></td><td> =
</td><td>8</td><td> : invalid function
argument</td></tr><tr><td><a
name="VIR_ERR_OPERATION_FAILED"
id="VIR_ERR_OPERATION_FAILED">VIR_ERR_OPERATION_FAILED</a></td><td>
= </td><td>9</td><td> : a command to hypervisor
failed</td></tr><tr><td><a name="VIR_ERR_GET_FAILED"
id="VIR_ERR_GET_FAILED">VIR_ERR_GET_FAILED</a></td><td> =
</td><td>10</td><td> : a HTTP GET command to
failed</td></tr><tr><td><a name="VIR_ERR_POST_FAILED"
id="VIR_ERR_POST_FAILED">VIR_ERR_POST_FAILED</a></td><td> =
</td><td>11</td><td> : a HTTP POST command to
failed</td></tr><tr><td><a name="VIR_ERR_HTTP_ERROR"
id="VIR_ERR_HTTP_ERROR">VIR_ERR_HTTP_ERROR</a></td><td> =
</td><td>12</td><td> : unexpected HTTP erro!
r code</td></tr><tr><td><a
name="VIR_ERR_SEXPR_SERIAL" id="VIR_ERR_SEX
PR_SERIAL">VIR_ERR_SEXPR_SERIAL</a></td><td> =
</td><td>13</td><td> : failure to serialize an
S-Expr</td></tr><tr><td><a name="VIR_ERR_NO_XEN"
id="VIR_ERR_NO_XEN">VIR_ERR_NO_XEN</a></td><td> =
</td><td>14</td><td> : could not open Xen hypervisor
control</td></tr><tr><td><a name="VIR_ERR_XEN_CALL"
id="VIR_ERR_XEN_CALL">VIR_ERR_XEN_CALL</a></td><td> =
</td><td>15</td><td> : failure doing an hypervisor
call</td></tr><tr><td><a name="VIR_ERR_OS_TYPE"
id="VIR_ERR_OS_TYPE">VIR_ERR_OS_TYPE</a></td><td> =
</td><td>16</td><td> : unknown OS
type</td></tr><tr><td><a name="VIR_ERR_NO_KERNEL"
id="VIR_ERR_NO_KERNEL">VIR_ERR_NO_KERNEL</a></td><td> =
</td><td>17</td><td> : missing kernel
information</td></tr><tr><td><a
name="VIR_ERR_NO_ROOT"
id="VIR_ERR_NO_ROOT">VIR_ERR_NO_ROOT</a></td><td> =
</td><td>18</td><td> : missing root device
information</td></tr><tr><td><a
name="VIR_ERR_NO_SOURCE"
id="VIR_ERR_NO_SOURCE">VIR_ERR_NO_SOURCE</a></td><td> =
</td><td>19</td><td> : missing source device !
information</td></tr><tr><td><a
name="VIR_ERR_NO_TARGET"
id="VIR_ERR_NO_TARGET">VIR_ERR_NO_TARGET</a></td><td> =
</td><td>20</td><td> : missing target device
information</td></tr><tr><td><a
name="VIR_ERR_NO_NAME"
id="VIR_ERR_NO_NAME">VIR_ERR_NO_NAME</a></td><td> =
</td><td>21</td><td> : missing domain name
information</td></tr><tr><td><a name="VIR_ERR_NO_OS"
id="VIR_ERR_NO_OS">VIR_ERR_NO_OS</a></td><td> =
</td><td>22</td><td> : missing domain OS
information</td></tr><tr><td><a
name="VIR_ERR_NO_DEVICE"
id="VIR_ERR_NO_DEVICE">VIR_ERR_NO_DEVICE</a></td><td> =
</td><td>23</td><td> : missing domain devices
information</td></tr><tr><td><a
name="VIR_ERR_NO_XENSTORE"
id="VIR_ERR_NO_XENSTORE">VIR_ERR_NO_XENSTORE</a></td><td> =
</td><td>24</td><td> : could not open Xen Store
control</td></tr><tr><td><a
name="VIR_ERR_DRIVER_FULL"
id="VIR_ERR_DRIVER_FULL">VIR_ERR_DRIVER_FULL</a></td><td> =
</td><td>25</td><td> : too many drivers
registered</td></tr><tr><td><a
name="VIR_ERR_CALL_FAILED"!
id="VIR_ERR_CALL_FAILED">VIR_ERR_CALL_FAILED</a></td><td>
= </td><td>
26</td><td> : not supported by the drivers
(DEPRECATED)</td></tr><tr><td><a
name="VIR_ERR_XML_ERROR"
id="VIR_ERR_XML_ERROR">VIR_ERR_XML_ERROR</a></td><td> =
</td><td>27</td><td> : an XML description is not well formed or
broken</td></tr><tr><td><a name="VIR_ERR_DOM_EXIST"
id="VIR_ERR_DOM_EXIST">VIR_ERR_DOM_EXIST</a></td><td> =
</td><td>28</td><td> : the domain already
exist</td></tr><tr><td><a
name="VIR_ERR_OPERATION_DENIED"
id="VIR_ERR_OPERATION_DENIED">VIR_ERR_OPERATION_DENIED</a></td><td>
= </td><td>29</td><td> : operation forbidden on read-only
connections</td></tr><tr><td><a
name="VIR_ERR_OPEN_FAILED"
id="VIR_ERR_OPEN_FAILED">VIR_ERR_OPEN_FAILED</a></td><td> =
</td><td>30</td><td> : failed to open a conf
file</td></tr><tr><td><a name="VIR_ERR_READ_FAILED"
id="VIR_ERR_READ_FAILED">VIR_ERR_READ_FAILED</a></td><td> =
</td><td>31</td><td> : failed to read a conf
file</td></tr><tr><td><a name="VIR_ERR_PARSE_FAILED"
id="VIR_ERR_PARSE_FAILED">VIR_ERR_PARSE_FAILED</a></td><td>
!
= </td><td>32</td><td> : failed to parse a conf
file</td></tr><tr><td><a name="VIR_ERR_CONF_SYNTAX"
id="VIR_ERR_CONF_SYNTAX">VIR_ERR_CONF_SYNTAX</a></td><td> =
</td><td>33</td><td> : failed to parse the syntax of a conf
file</td></tr><tr><td><a name="VIR_ERR_WRITE_FAILED"
id="VIR_ERR_WRITE_FAILED">VIR_ERR_WRITE_FAILED</a></td><td>
= </td><td>34</td><td> : failed to write a conf
file</td></tr><tr><td><a name="VIR_ERR_XML_DETAIL"
id="VIR_ERR_XML_DETAIL">VIR_ERR_XML_DETAIL</a></td><td> =
</td><td>35</td><td> : detail of an XML
error</td></tr><tr><td><a
name="VIR_ERR_INVALID_NETWORK"
id="VIR_ERR_INVALID_NETWORK">VIR_ERR_INVALID_NETWORK</a></td><td>
= </td><td>36</td><td> : invalid network
object</td></tr><tr><td><a
name="VIR_ERR_NETWORK_EXIST"
id="VIR_ERR_NETWORK_EXIST">VIR_ERR_NETWORK_EXIST</a></td><td>
= </td><td>37</td><td> : the network already
exist</td></tr><tr><td><a name="VIR_ERR_SYSTEM_ERROR"
id="VIR_ERR_SYSTEM_ERROR">VIR_ERR_SYSTEM_ERROR</a></td><td>
= </td><td>38</td!
<td> : general system call
failure</td></tr><tr><td><a name="VIR_ERR_
RPC"
id="VIR_ERR_RPC">VIR_ERR_RPC</a></td><td> =
</td><td>39</td><td> : some sort of RPC
error</td></tr><tr><td><a name="VIR_ERR_GNUTLS_ERROR"
id="VIR_ERR_GNUTLS_ERROR">VIR_ERR_GNUTLS_ERROR</a></td><td>
= </td><td>40</td><td> : error from a GNUTLS
call</td></tr><tr><td><a name="VIR_WAR_NO_NETWORK"
id="VIR_WAR_NO_NETWORK">VIR_WAR_NO_NETWORK</a></td><td> =
</td><td>41</td><td> : failed to start
network</td></tr><tr><td><a name="VIR_ERR_NO_DOMAIN"
id="VIR_ERR_NO_DOMAIN">VIR_ERR_NO_DOMAIN</a></td><td> =
</td><td>42</td><td> : domain not found or unexpectedly
disappeared</td></tr><tr><td><a
name="VIR_ERR_NO_NETWORK"
id="VIR_ERR_NO_NETWORK">VIR_ERR_NO_NETWORK</a></td><td> =
</td><td>43</td><td> : network not
found</td></tr><tr><td><a name="VIR_ERR_INVALID_MAC"
id="VIR_ERR_INVALID_MAC">VIR_ERR_INVALID_MAC</a></td><td> =
</td><td>44</td><td> : invalid MAC
address</td></tr><tr><td><a
name="VIR_ERR_AUTH_FAILED"
id="VIR_ERR_AUTH_FAILED">VIR_ERR_AUTH_FAILED</a></td><td> =
</td><td>45</t!
d><td> : authentication failed</td></tr><tr><td><a
name="VIR_ERR_INVALID_STORAGE_POOL"
id="VIR_ERR_INVALID_STORAGE_POOL">VIR_ERR_INVALID_STORAGE_POOL</a></td><td>
= </td><td>46</td><td> : invalid storage pool
object</td></tr><tr><td><a
name="VIR_ERR_INVALID_STORAGE_VOL"
id="VIR_ERR_INVALID_STORAGE_VOL">VIR_ERR_INVALID_STORAGE_VOL</a></td><td>
= </td><td>47</td><td> : invalid storage vol
object</td></tr><tr><td><a name="VIR_WAR_NO_STORAGE"
id="VIR_WAR_NO_STORAGE">VIR_WAR_NO_STORAGE</a></td><td> =
</td><td>48</td><td> : failed to start
storage</td></tr><tr><td><a
name="VIR_ERR_NO_STORAGE_POOL"
id="VIR_ERR_NO_STORAGE_POOL">VIR_ERR_NO_STORAGE_POOL</a></td><td>
= </td><td>49</td><td> : storage pool not
found</td></tr><tr><td><a
name="VIR_ERR_NO_STORAGE_VOL"
id="VIR_ERR_NO_STORAGE_VOL">VIR_ERR_NO_STORAGE_VOL</a></td><td>
= </td><td>50</td><td> : storage pool not
found</td></tr><tr><td><a name="VIR_WAR_NO_NODE"
id="VIR_WAR_NO_NODE">VIR_WAR_NO_NODE</a></td><td> =
</td><td>51</td><t!
d> : failed to start node driver</td></tr><tr><td><a
name="VIR_ERR_INV
ALID_NODE_DEVICE"
id="VIR_ERR_INVALID_NODE_DEVICE">VIR_ERR_INVALID_NODE_DEVICE</a></td><td>
= </td><td>52</td><td> : invalid node device
object</td></tr><tr><td><a
name="VIR_ERR_NO_NODE_DEVICE"
id="VIR_ERR_NO_NODE_DEVICE">VIR_ERR_NO_NODE_DEVICE</a></td><td>
= </td><td>53</td><td> : node device not
found</td></tr><tr><td><a
name="VIR_ERR_NO_SECURITY_MODEL"
id="VIR_ERR_NO_SECURITY_MODEL">VIR_ERR_NO_SECURITY_MODEL</a></td><td>
= </td><td>54</td><td> : security model not
found</td></tr><tr><td><a
name="VIR_ERR_OPERATION_INVALID"
id="VIR_ERR_OPERATION_INVALID">VIR_ERR_OPERATION_INVALID</a></td><td>
= </td><td>55</td><td> : operation is not applicable at this
time</td></tr><tr><td><a name="VIR_WAR_NO_INTERFACE"
id="VIR_WAR_NO_INTERFACE">VIR_WAR_NO_INTERFACE</a></td><td>
= </td><td>56</td><td> : failed to start interface
driver</td></tr><tr><td><a
name="VIR_ERR_NO_INTERFACE"
id="VIR_ERR_NO_INTERFACE">VIR_ERR_NO_INTERFACE</a></td><td>
= </td><td>57</td><td> : interface driver not ru!
nning</td></tr><tr><td><a
name="VIR_ERR_INVALID_INTERFACE"
id="VIR_ERR_INVALID_INTERFACE">VIR_ERR_INVALID_INTERFACE</a></td><td>
= </td><td>58</td><td> : invalid interface
object</td></tr></table><pre>}
+</pre><table><tr><td><a name="VIR_ERR_OK"
id="VIR_ERR_OK">VIR_ERR_OK</a></td><td> =
</td><td>0</td></tr><tr><td><a
name="VIR_ERR_INTERNAL_ERROR"
id="VIR_ERR_INTERNAL_ERROR">VIR_ERR_INTERNAL_ERROR</a></td><td>
= </td><td>1</td><td> : internal
error</td></tr><tr><td><a name="VIR_ERR_NO_MEMORY"
id="VIR_ERR_NO_MEMORY">VIR_ERR_NO_MEMORY</a></td><td> =
</td><td>2</td><td> : memory allocation
failure</td></tr><tr><td><a name="VIR_ERR_NO_SUPPORT"
id="VIR_ERR_NO_SUPPORT">VIR_ERR_NO_SUPPORT</a></td><td> =
</td><td>3</td><td> : no support for this
function</td></tr><tr><td><a
name="VIR_ERR_UNKNOWN_HOST"
id="VIR_ERR_UNKNOWN_HOST">VIR_ERR_UNKNOWN_HOST</a></td><td>
= </td><td>4</td><td> : could not resolve
hostname</td></tr><tr><td><a
name="VIR_ERR_NO_CONNECT"
id="VIR_ERR_NO_CONNECT">VIR_ERR_NO_CONNECT</a></td><td> =
</td><td>5</td><td> : can't connect to
hypervisor</td></tr><tr><td><a
name="VIR_ERR_INVALID_CONN"
id="VIR_ERR_INVALID_CONN">VIR_ERR_INVALID_CONN</a></td><td>
= </td><td>6</t!
d><td> : invalid connection
object</td></tr><tr><td><a
name="VIR_ERR_INVALID_DOMAIN"
id="VIR_ERR_INVALID_DOMAIN">VIR_ERR_INVALID_DOMAIN</a></td><td>
= </td><td>7</td><td> : invalid domain
object</td></tr><tr><td><a name="VIR_ERR_INVALID_ARG"
id="VIR_ERR_INVALID_ARG">VIR_ERR_INVALID_ARG</a></td><td> =
</td><td>8</td><td> : invalid function
argument</td></tr><tr><td><a
name="VIR_ERR_OPERATION_FAILED"
id="VIR_ERR_OPERATION_FAILED">VIR_ERR_OPERATION_FAILED</a></td><td>
= </td><td>9</td><td> : a command to hypervisor
failed</td></tr><tr><td><a name="VIR_ERR_GET_FAILED"
id="VIR_ERR_GET_FAILED">VIR_ERR_GET_FAILED</a></td><td> =
</td><td>10</td><td> : a HTTP GET command to
failed</td></tr><tr><td><a name="VIR_ERR_POST_FAILED"
id="VIR_ERR_POST_FAILED">VIR_ERR_POST_FAILED</a></td><td> =
</td><td>11</td><td> : a HTTP POST command to
failed</td></tr><tr><td><a name="VIR_ERR_HTTP_ERROR"
id="VIR_ERR_HTTP_ERROR">VIR_ERR_HTTP_ERROR</a></td><td> =
</td><td>12</td><td> : unexpected HTTP erro!
r code</td></tr><tr><td><a
name="VIR_ERR_SEXPR_SERIAL" id="VIR_ERR_SEX
PR_SERIAL">VIR_ERR_SEXPR_SERIAL</a></td><td> =
</td><td>13</td><td> : failure to serialize an
S-Expr</td></tr><tr><td><a name="VIR_ERR_NO_XEN"
id="VIR_ERR_NO_XEN">VIR_ERR_NO_XEN</a></td><td> =
</td><td>14</td><td> : could not open Xen hypervisor
control</td></tr><tr><td><a name="VIR_ERR_XEN_CALL"
id="VIR_ERR_XEN_CALL">VIR_ERR_XEN_CALL</a></td><td> =
</td><td>15</td><td> : failure doing an hypervisor
call</td></tr><tr><td><a name="VIR_ERR_OS_TYPE"
id="VIR_ERR_OS_TYPE">VIR_ERR_OS_TYPE</a></td><td> =
</td><td>16</td><td> : unknown OS
type</td></tr><tr><td><a name="VIR_ERR_NO_KERNEL"
id="VIR_ERR_NO_KERNEL">VIR_ERR_NO_KERNEL</a></td><td> =
</td><td>17</td><td> : missing kernel
information</td></tr><tr><td><a
name="VIR_ERR_NO_ROOT"
id="VIR_ERR_NO_ROOT">VIR_ERR_NO_ROOT</a></td><td> =
</td><td>18</td><td> : missing root device
information</td></tr><tr><td><a
name="VIR_ERR_NO_SOURCE"
id="VIR_ERR_NO_SOURCE">VIR_ERR_NO_SOURCE</a></td><td> =
</td><td>19</td><td> : missing source device !
information</td></tr><tr><td><a
name="VIR_ERR_NO_TARGET"
id="VIR_ERR_NO_TARGET">VIR_ERR_NO_TARGET</a></td><td> =
</td><td>20</td><td> : missing target device
information</td></tr><tr><td><a
name="VIR_ERR_NO_NAME"
id="VIR_ERR_NO_NAME">VIR_ERR_NO_NAME</a></td><td> =
</td><td>21</td><td> : missing domain name
information</td></tr><tr><td><a name="VIR_ERR_NO_OS"
id="VIR_ERR_NO_OS">VIR_ERR_NO_OS</a></td><td> =
</td><td>22</td><td> : missing domain OS
information</td></tr><tr><td><a
name="VIR_ERR_NO_DEVICE"
id="VIR_ERR_NO_DEVICE">VIR_ERR_NO_DEVICE</a></td><td> =
</td><td>23</td><td> : missing domain devices
information</td></tr><tr><td><a
name="VIR_ERR_NO_XENSTORE"
id="VIR_ERR_NO_XENSTORE">VIR_ERR_NO_XENSTORE</a></td><td> =
</td><td>24</td><td> : could not open Xen Store
control</td></tr><tr><td><a
name="VIR_ERR_DRIVER_FULL"
id="VIR_ERR_DRIVER_FULL">VIR_ERR_DRIVER_FULL</a></td><td> =
</td><td>25</td><td> : too many drivers
registered</td></tr><tr><td><a
name="VIR_ERR_CALL_FAILED"!
id="VIR_ERR_CALL_FAILED">VIR_ERR_CALL_FAILED</a></td><td>
= </td><td>
26</td><td> : not supported by the drivers
(DEPRECATED)</td></tr><tr><td><a
name="VIR_ERR_XML_ERROR"
id="VIR_ERR_XML_ERROR">VIR_ERR_XML_ERROR</a></td><td> =
</td><td>27</td><td> : an XML description is not well formed or
broken</td></tr><tr><td><a name="VIR_ERR_DOM_EXIST"
id="VIR_ERR_DOM_EXIST">VIR_ERR_DOM_EXIST</a></td><td> =
</td><td>28</td><td> : the domain already
exist</td></tr><tr><td><a
name="VIR_ERR_OPERATION_DENIED"
id="VIR_ERR_OPERATION_DENIED">VIR_ERR_OPERATION_DENIED</a></td><td>
= </td><td>29</td><td> : operation forbidden on read-only
connections</td></tr><tr><td><a
name="VIR_ERR_OPEN_FAILED"
id="VIR_ERR_OPEN_FAILED">VIR_ERR_OPEN_FAILED</a></td><td> =
</td><td>30</td><td> : failed to open a conf
file</td></tr><tr><td><a name="VIR_ERR_READ_FAILED"
id="VIR_ERR_READ_FAILED">VIR_ERR_READ_FAILED</a></td><td> =
</td><td>31</td><td> : failed to read a conf
file</td></tr><tr><td><a name="VIR_ERR_PARSE_FAILED"
id="VIR_ERR_PARSE_FAILED">VIR_ERR_PARSE_FAILED</a></td><td>
!
= </td><td>32</td><td> : failed to parse a conf
file</td></tr><tr><td><a name="VIR_ERR_CONF_SYNTAX"
id="VIR_ERR_CONF_SYNTAX">VIR_ERR_CONF_SYNTAX</a></td><td> =
</td><td>33</td><td> : failed to parse the syntax of a conf
file</td></tr><tr><td><a name="VIR_ERR_WRITE_FAILED"
id="VIR_ERR_WRITE_FAILED">VIR_ERR_WRITE_FAILED</a></td><td>
= </td><td>34</td><td> : failed to write a conf
file</td></tr><tr><td><a name="VIR_ERR_XML_DETAIL"
id="VIR_ERR_XML_DETAIL">VIR_ERR_XML_DETAIL</a></td><td> =
</td><td>35</td><td> : detail of an XML
error</td></tr><tr><td><a
name="VIR_ERR_INVALID_NETWORK"
id="VIR_ERR_INVALID_NETWORK">VIR_ERR_INVALID_NETWORK</a></td><td>
= </td><td>36</td><td> : invalid network
object</td></tr><tr><td><a
name="VIR_ERR_NETWORK_EXIST"
id="VIR_ERR_NETWORK_EXIST">VIR_ERR_NETWORK_EXIST</a></td><td>
= </td><td>37</td><td> : the network already
exist</td></tr><tr><td><a name="VIR_ERR_SYSTEM_ERROR"
id="VIR_ERR_SYSTEM_ERROR">VIR_ERR_SYSTEM_ERROR</a></td><td>
= </td><td>38</td!
<td> : general system call
failure</td></tr><tr><td><a name="VIR_ERR_
RPC"
id="VIR_ERR_RPC">VIR_ERR_RPC</a></td><td> =
</td><td>39</td><td> : some sort of RPC
error</td></tr><tr><td><a name="VIR_ERR_GNUTLS_ERROR"
id="VIR_ERR_GNUTLS_ERROR">VIR_ERR_GNUTLS_ERROR</a></td><td>
= </td><td>40</td><td> : error from a GNUTLS
call</td></tr><tr><td><a name="VIR_WAR_NO_NETWORK"
id="VIR_WAR_NO_NETWORK">VIR_WAR_NO_NETWORK</a></td><td> =
</td><td>41</td><td> : failed to start
network</td></tr><tr><td><a name="VIR_ERR_NO_DOMAIN"
id="VIR_ERR_NO_DOMAIN">VIR_ERR_NO_DOMAIN</a></td><td> =
</td><td>42</td><td> : domain not found or unexpectedly
disappeared</td></tr><tr><td><a
name="VIR_ERR_NO_NETWORK"
id="VIR_ERR_NO_NETWORK">VIR_ERR_NO_NETWORK</a></td><td> =
</td><td>43</td><td> : network not
found</td></tr><tr><td><a name="VIR_ERR_INVALID_MAC"
id="VIR_ERR_INVALID_MAC">VIR_ERR_INVALID_MAC</a></td><td> =
</td><td>44</td><td> : invalid MAC
address</td></tr><tr><td><a
name="VIR_ERR_AUTH_FAILED"
id="VIR_ERR_AUTH_FAILED">VIR_ERR_AUTH_FAILED</a></td><td> =
</td><td>45</t!
d><td> : authentication failed</td></tr><tr><td><a
name="VIR_ERR_INVALID_STORAGE_POOL"
id="VIR_ERR_INVALID_STORAGE_POOL">VIR_ERR_INVALID_STORAGE_POOL</a></td><td>
= </td><td>46</td><td> : invalid storage pool
object</td></tr><tr><td><a
name="VIR_ERR_INVALID_STORAGE_VOL"
id="VIR_ERR_INVALID_STORAGE_VOL">VIR_ERR_INVALID_STORAGE_VOL</a></td><td>
= </td><td>47</td><td> : invalid storage vol
object</td></tr><tr><td><a name="VIR_WAR_NO_STORAGE"
id="VIR_WAR_NO_STORAGE">VIR_WAR_NO_STORAGE</a></td><td> =
</td><td>48</td><td> : failed to start
storage</td></tr><tr><td><a
name="VIR_ERR_NO_STORAGE_POOL"
id="VIR_ERR_NO_STORAGE_POOL">VIR_ERR_NO_STORAGE_POOL</a></td><td>
= </td><td>49</td><td> : storage pool not
found</td></tr><tr><td><a
name="VIR_ERR_NO_STORAGE_VOL"
id="VIR_ERR_NO_STORAGE_VOL">VIR_ERR_NO_STORAGE_VOL</a></td><td>
= </td><td>50</td><td> : storage pool not
found</td></tr><tr><td><a name="VIR_WAR_NO_NODE"
id="VIR_WAR_NO_NODE">VIR_WAR_NO_NODE</a></td><td> =
</td><td>51</td><t!
d> : failed to start node driver</td></tr><tr><td><a
name="VIR_ERR_INV
ALID_NODE_DEVICE"
id="VIR_ERR_INVALID_NODE_DEVICE">VIR_ERR_INVALID_NODE_DEVICE</a></td><td>
= </td><td>52</td><td> : invalid node device
object</td></tr><tr><td><a
name="VIR_ERR_NO_NODE_DEVICE"
id="VIR_ERR_NO_NODE_DEVICE">VIR_ERR_NO_NODE_DEVICE</a></td><td>
= </td><td>53</td><td> : node device not
found</td></tr><tr><td><a
name="VIR_ERR_NO_SECURITY_MODEL"
id="VIR_ERR_NO_SECURITY_MODEL">VIR_ERR_NO_SECURITY_MODEL</a></td><td>
= </td><td>54</td><td> : security model not
found</td></tr><tr><td><a
name="VIR_ERR_OPERATION_INVALID"
id="VIR_ERR_OPERATION_INVALID">VIR_ERR_OPERATION_INVALID</a></td><td>
= </td><td>55</td><td> : operation is not applicable at this
time</td></tr><tr><td><a name="VIR_WAR_NO_INTERFACE"
id="VIR_WAR_NO_INTERFACE">VIR_WAR_NO_INTERFACE</a></td><td>
= </td><td>56</td><td> : failed to start interface
driver</td></tr><tr><td><a
name="VIR_ERR_NO_INTERFACE"
id="VIR_ERR_NO_INTERFACE">VIR_ERR_NO_INTERFACE</a></td><td>
= </td><td>57</td><td> : interface driver not ru!
nning</td></tr><tr><td><a
name="VIR_ERR_INVALID_INTERFACE"
id="VIR_ERR_INVALID_INTERFACE">VIR_ERR_INVALID_INTERFACE</a></td><td>
= </td><td>58</td><td> : invalid interface
object</td></tr><tr><td><a
name="VIR_ERR_MULTIPLE_INTERFACES"
id="VIR_ERR_MULTIPLE_INTERFACES">VIR_ERR_MULTIPLE_INTERFACES</a></td><td>
= </td><td>59</td><td> : more than one matching interface
found</td></tr><tr><td><a name="VIR_WAR_NO_SECRET"
id="VIR_WAR_NO_SECRET">VIR_WAR_NO_SECRET</a></td><td> =
</td><td>60</td><td> : failed to start secret
storage</td></tr><tr><td><a name="VIR_ERR_NO_SECRET"
id="VIR_ERR_NO_SECRET">VIR_ERR_NO_SECRET</a></td><td> =
</td><td>61</td><td> : secret not
found</td></tr><tr><td><a
name="VIR_ERR_INVALID_SECRET"
id="VIR_ERR_INVALID_SECRET">VIR_ERR_INVALID_SECRET</a></td><td>
= </td><td>62</td><td> : invalid
secret</td></tr></table><pre>}
</pre></div><h3><a name="functions"
id="functions">Functions</a></h3><h3><a
name="virConnCopyLastError"
id="virConnCopyLastError"><code>virConnCopyLastError</code></a></h3><pre
class="programlisting">int virConnCopyLastError (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn,
<br /> <a
href="libvirt-virterror.html#virErrorPtr">virErrorPtr</a> to)<br
/>
</pre><p>Copy the content of the last error caught on that connection This
method is not protected against access from multiple threads. In a multi-threaded
application, always use the global virGetLastError() API which is backed by thread local
storage. If the connection object was discovered to be invalid by an API call, then the
error will be reported against the global error object. Since 0.6.0, all errors reported
in the per-connection object are also duplicated in the global error object. As such an
application can always use virGetLastError(). This method remains for backwards
compatability. One will need to free the result with virResetError()</p><div
class="variablelist"><table border="0"><col
align="left" /><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>to</tt></i>:</span></td><td>target
to receive the copy</td></tr><tr><td><span
class="term"><i><tt>Returns</tt>!
</i>:</span></td><td>0 if no error was found and the error code
otherwise and -1 in case of parameter
error.</td></tr></tbody></table></div><h3><a
name="virConnGetLastError"
id="virConnGetLastError"><code>virConnGetLastError</code></a></h3><pre
class="programlisting"><a
href="libvirt-virterror.html#virErrorPtr">virErrorPtr</a> virConnGetLastError (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
</pre><p>Provide a pointer to the last error caught on that connection This
method is not protected against access from multiple threads. In a multi-threaded
application, always use the global virGetLastError() API which is backed by thread local
storage. If the connection object was discovered to be invalid by an API call, then the
error will be reported against the global error object. Since 0.6.0, all errors reported
in the per-connection object are also duplicated in the global error object. As such an
application can always use virGetLastError(). This method remains for backwards
compatability.</p><div class="variablelist"><table
border="0"><col align="left"
/><tbody><tr><td><span
class="term"><i><tt>conn</tt></i>:</span></td><td>pointer
to the hypervisor connection</td></tr><tr><td><span
class="term"><i><tt>Returns</tt></i>:</span></td><td>a
pointer to the last error or NULL if none
occurred.</td></tr></tbody></table></div><h3><a
name="virConnResetLastError" id="virCo!
nnResetLastError"><code>virConnResetLastError</code></a></h3><pre
class="programlisting">void virConnResetLastError (<a
href="libvirt-libvirt.html#virConnectPtr">virConnectPtr</a> conn)<br
/>
diff --git a/docs/libvirt-api.xml b/docs/libvirt-api.xml
index 8ded57a..fd52e62 100644
--- a/docs/libvirt-api.xml
+++ b/docs/libvirt-api.xml
@@ -51,6 +51,7 @@
<exports symbol='VIR_CRED_USERNAME' type='enum'/>
<exports symbol='VIR_DOMAIN_EVENT_RESUMED_UNPAUSED'
type='enum'/>
<exports symbol='VIR_DOMAIN_RUNNING' type='enum'/>
+ <exports symbol='VIR_STORAGE_VOL_DELETE_ZEROED' type='enum'/>
<exports symbol='VIR_EVENT_HANDLE_ERROR' type='enum'/>
<exports symbol='VIR_DOMAIN_NOSTATE' type='enum'/>
<exports symbol='VIR_DOMAIN_SHUTOFF' type='enum'/>
@@ -60,7 +61,7 @@
<exports symbol='VIR_STORAGE_POOL_BUILD_NEW' type='enum'/>
<exports symbol='VIR_DOMAIN_EVENT_SUSPENDED_PAUSED'
type='enum'/>
<exports symbol='VIR_STORAGE_POOL_DELETE_NORMAL'
type='enum'/>
- <exports symbol='VIR_STORAGE_VOL_DELETE_ZEROED' type='enum'/>
+ <exports symbol='VIR_MEMORY_PHYSICAL' type='enum'/>
<exports symbol='VIR_DOMAIN_SCHED_FIELD_INT' type='enum'/>
<exports symbol='VIR_DOMAIN_SCHED_FIELD_ULLONG' type='enum'/>
<exports symbol='VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN'
type='enum'/>
@@ -181,7 +182,7 @@
<exports symbol='virDomainGetSchedulerParameters'
type='function'/>
<exports symbol='virDomainLookupByUUIDString'
type='function'/>
<exports symbol='virConnectNumOfDefinedNetworks'
type='function'/>
- <exports symbol='virConnectNumOfDomains' type='function'/>
+ <exports symbol='virConnectListDefinedInterfaces'
type='function'/>
<exports symbol='virNetworkGetUUID' type='function'/>
<exports symbol='virInterfaceGetXMLDesc' type='function'/>
<exports symbol='virStoragePoolGetConnect' type='function'/>
@@ -198,6 +199,7 @@
<exports symbol='virEventRegisterImpl' type='function'/>
<exports symbol='virInterfaceDefineXML' type='function'/>
<exports symbol='virDomainMigrate' type='function'/>
+ <exports symbol='virSecretNumOfSecrets' type='function'/>
<exports symbol='virDomainSuspend' type='function'/>
<exports symbol='virDomainCreateLinux' type='function'/>
<exports symbol='virNodeDeviceGetXMLDesc' type='function'/>
@@ -222,17 +224,20 @@
<exports symbol='virDomainSetSchedulerParameters'
type='function'/>
<exports symbol='virConnectGetType' type='function'/>
<exports symbol='virStorageVolCreateXML' type='function'/>
+ <exports symbol='virSecretSetXML' type='function'/>
<exports symbol='virDomainSave' type='function'/>
<exports symbol='virDomainCreate' type='function'/>
<exports symbol='virConnectListDomains' type='function'/>
<exports symbol='virDomainCoreDump' type='function'/>
<exports symbol='virDomainSetMemory' type='function'/>
+ <exports symbol='virSecretDelete' type='function'/>
<exports symbol='virInterfaceGetName' type='function'/>
<exports symbol='virStoragePoolCreate' type='function'/>
<exports symbol='virNodeGetInfo' type='function'/>
<exports symbol='virNetworkSetAutostart' type='function'/>
<exports symbol='virDomainGetMaxMemory' type='function'/>
<exports symbol='virStoragePoolFree' type='function'/>
+ <exports symbol='virConnectNumOfDefinedInterfaces'
type='function'/>
<exports symbol='virFreeCallback' type='function'/>
<exports symbol='virNetworkDefineXML' type='function'/>
<exports symbol='virNodeDeviceListCaps' type='function'/>
@@ -259,8 +264,10 @@
<exports symbol='virDomainPinVcpu' type='function'/>
<exports symbol='virNodeGetSecurityModel' type='function'/>
<exports symbol='virDomainRestore' type='function'/>
+ <exports symbol='virSecretAllocateID' type='function'/>
<exports symbol='virNodeDeviceDestroy' type='function'/>
<exports symbol='virStorageVolGetPath' type='function'/>
+ <exports symbol='virSecretGetXML' type='function'/>
<exports symbol='virNetworkLookupByUUIDString'
type='function'/>
<exports symbol='virConnectDomainEventCallback'
type='function'/>
<exports symbol='virDomainLookupByID' type='function'/>
@@ -273,6 +280,7 @@
<exports symbol='virConnectRef' type='function'/>
<exports symbol='virDomainGetUUID' type='function'/>
<exports symbol='virNetworkCreateXML' type='function'/>
+ <exports symbol='virNetworkUndefine' type='function'/>
<exports symbol='virConnectDomainEventRegister'
type='function'/>
<exports symbol='virDomainGetVcpus' type='function'/>
<exports symbol='virNodeDeviceLookupByName' type='function'/>
@@ -280,7 +288,7 @@
<exports symbol='virDomainResume' type='function'/>
<exports symbol='virInterfaceRef' type='function'/>
<exports symbol='virInterfaceGetMACString' type='function'/>
- <exports symbol='virNetworkRef' type='function'/>
+ <exports symbol='virConnectNumOfDomains' type='function'/>
<exports symbol='virStoragePoolRefresh' type='function'/>
<exports symbol='virConnectNumOfDefinedDomains'
type='function'/>
<exports symbol='virStorageVolCreateXMLFrom'
type='function'/>
@@ -304,7 +312,7 @@
<exports symbol='virNetworkFree' type='function'/>
<exports symbol='virStoragePoolLookupByUUID'
type='function'/>
<exports symbol='virEventAddHandleFunc' type='function'/>
- <exports symbol='virNetworkUndefine' type='function'/>
+ <exports symbol='virNetworkRef' type='function'/>
<exports symbol='virConnectListDefinedStoragePools'
type='function'/>
<exports symbol='virEventTimeoutCallback' type='function'/>
<exports symbol='virInterfaceFree' type='function'/>
@@ -313,11 +321,13 @@
<exports symbol='virNetworkGetConnect' type='function'/>
<exports symbol='virNodeGetFreeMemory' type='function'/>
<exports symbol='virInterfaceDestroy' type='function'/>
+ <exports symbol='virSecretSetValue' type='function'/>
<exports symbol='virStorageVolGetConnect' type='function'/>
<exports symbol='virNodeNumOfDevices' type='function'/>
<exports symbol='virStoragePoolDestroy' type='function'/>
<exports symbol='virStoragePoolLookupByVolume'
type='function'/>
<exports symbol='virDomainLookupByUUID' type='function'/>
+ <exports symbol='virSecretListSecrets' type='function'/>
<exports symbol='virDomainGetOSType' type='function'/>
<exports symbol='virStoragePoolBuild' type='function'/>
<exports symbol='virConnectGetMaxVcpus' type='function'/>
@@ -339,6 +349,7 @@
<exports symbol='virInterfaceLookupByName' type='function'/>
<exports symbol='virDomainInterfaceStats' type='function'/>
<exports symbol='virConnectListNetworks' type='function'/>
+ <exports symbol='virSecretGetValue' type='function'/>
<exports symbol='virStorageVolLookupByKey' type='function'/>
</file>
<file name='virterror'>
@@ -352,12 +363,14 @@
<exports symbol='VIR_ERR_NO_MEMORY' type='enum'/>
<exports symbol='VIR_WAR_NO_NODE' type='enum'/>
<exports symbol='VIR_ERR_NO_STORAGE_VOL' type='enum'/>
+ <exports symbol='VIR_FROM_XML' type='enum'/>
<exports symbol='VIR_FROM_CONF' type='enum'/>
<exports symbol='VIR_ERR_INVALID_NETWORK' type='enum'/>
<exports symbol='VIR_ERR_PARSE_FAILED' type='enum'/>
<exports symbol='VIR_ERR_POST_FAILED' type='enum'/>
<exports symbol='VIR_ERR_INVALID_CONN' type='enum'/>
<exports symbol='VIR_ERR_GET_FAILED' type='enum'/>
+ <exports symbol='VIR_FROM_XEN' type='enum'/>
<exports symbol='VIR_ERR_NO_SOURCE' type='enum'/>
<exports symbol='VIR_ERR_NETWORK_EXIST' type='enum'/>
<exports symbol='VIR_ERR_NONE' type='enum'/>
@@ -367,9 +380,10 @@
<exports symbol='VIR_ERR_READ_FAILED' type='enum'/>
<exports symbol='VIR_FROM_INTERFACE' type='enum'/>
<exports symbol='VIR_ERR_NO_CONNECT' type='enum'/>
- <exports symbol='VIR_ERR_CALL_FAILED' type='enum'/>
+ <exports symbol='VIR_FROM_ESX' type='enum'/>
<exports symbol='VIR_FROM_VBOX' type='enum'/>
<exports symbol='VIR_FROM_TEST' type='enum'/>
+ <exports symbol='VIR_ERR_MULTIPLE_INTERFACES' type='enum'/>
<exports symbol='VIR_ERR_NO_DEVICE' type='enum'/>
<exports symbol='VIR_FROM_SEXPR' type='enum'/>
<exports symbol='VIR_ERR_INVALID_MAC' type='enum'/>
@@ -379,6 +393,7 @@
<exports symbol='VIR_FROM_STATS_LINUX' type='enum'/>
<exports symbol='VIR_FROM_OPENVZ' type='enum'/>
<exports symbol='VIR_ERR_OS_TYPE' type='enum'/>
+ <exports symbol='VIR_WAR_NO_SECRET' type='enum'/>
<exports symbol='VIR_WAR_NO_NETWORK' type='enum'/>
<exports symbol='VIR_FROM_UML' type='enum'/>
<exports symbol='VIR_ERR_NO_NAME' type='enum'/>
@@ -390,6 +405,7 @@
<exports symbol='VIR_ERR_CONF_SYNTAX' type='enum'/>
<exports symbol='VIR_ERR_NO_SUPPORT' type='enum'/>
<exports symbol='VIR_ERR_NO_SECURITY_MODEL' type='enum'/>
+ <exports symbol='VIR_FROM_PHYP' type='enum'/>
<exports symbol='VIR_ERR_SEXPR_SERIAL' type='enum'/>
<exports symbol='VIR_FROM_XENSTORE' type='enum'/>
<exports symbol='VIR_ERR_OPEN_FAILED' type='enum'/>
@@ -403,20 +419,22 @@
<exports symbol='VIR_ERR_GNUTLS_ERROR' type='enum'/>
<exports symbol='VIR_ERR_XML_ERROR' type='enum'/>
<exports symbol='VIR_ERR_OK' type='enum'/>
- <exports symbol='VIR_ERR_INVALID_INTERFACE' type='enum'/>
<exports symbol='VIR_FROM_STORAGE' type='enum'/>
<exports symbol='VIR_FROM_PROXY' type='enum'/>
<exports symbol='VIR_ERR_DRIVER_FULL' type='enum'/>
<exports symbol='VIR_FROM_DOMAIN' type='enum'/>
- <exports symbol='VIR_FROM_XML' type='enum'/>
+ <exports symbol='VIR_ERR_INVALID_SECRET' type='enum'/>
<exports symbol='VIR_ERR_OPERATION_DENIED' type='enum'/>
<exports symbol='VIR_ERR_INVALID_STORAGE_POOL' type='enum'/>
+ <exports symbol='VIR_FROM_SECRET' type='enum'/>
<exports symbol='VIR_ERR_NO_DOMAIN' type='enum'/>
- <exports symbol='VIR_FROM_XEN' type='enum'/>
+ <exports symbol='VIR_ERR_INVALID_INTERFACE' type='enum'/>
<exports symbol='VIR_ERR_RPC' type='enum'/>
<exports symbol='VIR_ERR_WARNING' type='enum'/>
<exports symbol='VIR_ERR_INVALID_ARG' type='enum'/>
+ <exports symbol='VIR_ERR_CALL_FAILED' type='enum'/>
<exports symbol='VIR_ERR_ERROR' type='enum'/>
+ <exports symbol='VIR_ERR_NO_SECRET' type='enum'/>
<exports symbol='VIR_WAR_NO_INTERFACE' type='enum'/>
<exports symbol='VIR_ERR_DOM_EXIST' type='enum'/>
<exports symbol='VIR_FROM_LXC' type='enum'/>
@@ -577,12 +595,14 @@
<enum name='VIR_ERR_INVALID_ARG' file='virterror'
value='8' type='virErrorNumber' info='invalid function
argument'/>
<enum name='VIR_ERR_INVALID_CONN' file='virterror'
value='6' type='virErrorNumber' info='invalid connection
object'/>
<enum name='VIR_ERR_INVALID_DOMAIN' file='virterror'
value='7' type='virErrorNumber' info='invalid domain object'/>
- <enum name='VIR_ERR_INVALID_INTERFACE' file='virterror'
value='58' type='virErrorNumber' info=' invalid interface
object'/>
+ <enum name='VIR_ERR_INVALID_INTERFACE' file='virterror'
value='58' type='virErrorNumber' info='invalid interface
object'/>
<enum name='VIR_ERR_INVALID_MAC' file='virterror'
value='44' type='virErrorNumber' info='invalid MAC address'/>
<enum name='VIR_ERR_INVALID_NETWORK' file='virterror'
value='36' type='virErrorNumber' info='invalid network
object'/>
<enum name='VIR_ERR_INVALID_NODE_DEVICE' file='virterror'
value='52' type='virErrorNumber' info='invalid node device
object'/>
+ <enum name='VIR_ERR_INVALID_SECRET' file='virterror'
value='62' type='virErrorNumber' info=' invalid secret'/>
<enum name='VIR_ERR_INVALID_STORAGE_POOL' file='virterror'
value='46' type='virErrorNumber' info='invalid storage pool
object'/>
<enum name='VIR_ERR_INVALID_STORAGE_VOL' file='virterror'
value='47' type='virErrorNumber' info='invalid storage vol
object'/>
+ <enum name='VIR_ERR_MULTIPLE_INTERFACES' file='virterror'
value='59' type='virErrorNumber' info='more than one matching
interface found'/>
<enum name='VIR_ERR_NETWORK_EXIST' file='virterror'
value='37' type='virErrorNumber' info='the network already
exist'/>
<enum name='VIR_ERR_NONE' file='virterror' value='0'
type='virErrorLevel'/>
<enum name='VIR_ERR_NO_CONNECT' file='virterror' value='5'
type='virErrorNumber' info='can't connect to hypervisor'/>
@@ -596,6 +616,7 @@
<enum name='VIR_ERR_NO_NODE_DEVICE' file='virterror'
value='53' type='virErrorNumber' info='node device not
found'/>
<enum name='VIR_ERR_NO_OS' file='virterror' value='22'
type='virErrorNumber' info='missing domain OS information'/>
<enum name='VIR_ERR_NO_ROOT' file='virterror' value='18'
type='virErrorNumber' info='missing root device information'/>
+ <enum name='VIR_ERR_NO_SECRET' file='virterror' value='61'
type='virErrorNumber' info='secret not found'/>
<enum name='VIR_ERR_NO_SECURITY_MODEL' file='virterror'
value='54' type='virErrorNumber' info='security model not
found'/>
<enum name='VIR_ERR_NO_SOURCE' file='virterror' value='19'
type='virErrorNumber' info='missing source device information'/>
<enum name='VIR_ERR_NO_STORAGE_POOL' file='virterror'
value='49' type='virErrorNumber' info='storage pool not
found'/>
@@ -629,18 +650,21 @@
<enum name='VIR_FROM_CONF' file='virterror' value='9'
type='virErrorDomain' info='Error in the configuration file
handling'/>
<enum name='VIR_FROM_DOM' file='virterror' value='6'
type='virErrorDomain' info='Error when operating on a domain'/>
<enum name='VIR_FROM_DOMAIN' file='virterror' value='20'
type='virErrorDomain' info='Error from domain config'/>
+ <enum name='VIR_FROM_ESX' file='virterror' value='28'
type='virErrorDomain' info='Error from ESX driver'/>
<enum name='VIR_FROM_INTERFACE' file='virterror'
value='26' type='virErrorDomain' info='Error when operating on an
interface'/>
<enum name='VIR_FROM_LXC' file='virterror' value='17'
type='virErrorDomain' info='Error from Linux Container driver'/>
<enum name='VIR_FROM_NET' file='virterror' value='11'
type='virErrorDomain' info='Error when operating on a network'/>
<enum name='VIR_FROM_NETWORK' file='virterror' value='19'
type='virErrorDomain' info='Error from network config'/>
<enum name='VIR_FROM_NODEDEV' file='virterror' value='22'
type='virErrorDomain' info='Error from node device monitor'/>
<enum name='VIR_FROM_NONE' file='virterror' value='0'
type='virErrorDomain'/>
- <enum name='VIR_FROM_ONE' file='virterror' value='27'
type='virErrorDomain' info=' Error from OpenNebula driver'/>
+ <enum name='VIR_FROM_ONE' file='virterror' value='27'
type='virErrorDomain' info='Error from OpenNebula driver'/>
<enum name='VIR_FROM_OPENVZ' file='virterror' value='14'
type='virErrorDomain' info='Error from OpenVZ driver'/>
+ <enum name='VIR_FROM_PHYP' file='virterror' value='29'
type='virErrorDomain' info='Error from IBM power hypervisor'/>
<enum name='VIR_FROM_PROXY' file='virterror' value='8'
type='virErrorDomain' info='Error in the proxy code'/>
<enum name='VIR_FROM_QEMU' file='virterror' value='10'
type='virErrorDomain' info='Error at the QEMU daemon'/>
<enum name='VIR_FROM_REMOTE' file='virterror' value='13'
type='virErrorDomain' info='Error from remote driver'/>
<enum name='VIR_FROM_RPC' file='virterror' value='7'
type='virErrorDomain' info='Error in the XML-RPC code'/>
+ <enum name='VIR_FROM_SECRET' file='virterror' value='30'
type='virErrorDomain' info=' Error from secret storage'/>
<enum name='VIR_FROM_SECURITY' file='virterror' value='24'
type='virErrorDomain' info='Error from security framework'/>
<enum name='VIR_FROM_SEXPR' file='virterror' value='4'
type='virErrorDomain' info='Error in the S-Expression code'/>
<enum name='VIR_FROM_STATS_LINUX' file='virterror'
value='16' type='virErrorDomain' info='Error in the Linux Stats
code'/>
@@ -654,7 +678,8 @@
<enum name='VIR_FROM_XENXM' file='virterror' value='15'
type='virErrorDomain' info='Error at Xen XM layer'/>
<enum name='VIR_FROM_XEN_INOTIFY' file='virterror'
value='23' type='virErrorDomain' info='Error from xen inotify
layer'/>
<enum name='VIR_FROM_XML' file='virterror' value='5'
type='virErrorDomain' info='Error in the XML code'/>
- <enum name='VIR_MEMORY_VIRTUAL' file='libvirt' value='1'
type='virDomainMemoryFlags' info=' addresses are virtual addresses'/>
+ <enum name='VIR_MEMORY_PHYSICAL' file='libvirt' value='2'
type='virDomainMemoryFlags' info=' addresses are physical addresses'/>
+ <enum name='VIR_MEMORY_VIRTUAL' file='libvirt' value='1'
type='virDomainMemoryFlags' info='addresses are virtual addresses'/>
<enum name='VIR_MIGRATE_LIVE' file='libvirt' value='1'
type='virDomainMigrateFlags' info=' live migration'/>
<enum name='VIR_STORAGE_POOL_BUILDING' file='libvirt'
value='1' type='virStoragePoolState' info='Initializing pool, not
available'/>
<enum name='VIR_STORAGE_POOL_BUILD_NEW' file='libvirt'
value='0' type='virStoragePoolBuildFlags' info='Regular build from
scratch'/>
@@ -675,6 +700,7 @@
<enum name='VIR_WAR_NO_INTERFACE' file='virterror'
value='56' type='virErrorNumber' info='failed to start interface
driver'/>
<enum name='VIR_WAR_NO_NETWORK' file='virterror'
value='41' type='virErrorNumber' info='failed to start
network'/>
<enum name='VIR_WAR_NO_NODE' file='virterror' value='51'
type='virErrorNumber' info='failed to start node driver'/>
+ <enum name='VIR_WAR_NO_SECRET' file='virterror' value='60'
type='virErrorNumber' info='failed to start secret storage'/>
<enum name='VIR_WAR_NO_STORAGE' file='virterror'
value='48' type='virErrorNumber' info='failed to start
storage'/>
<struct name='virConnect' file='libvirt' type='struct
_virConnect'/>
<struct name='virConnectAuth' file='libvirt' type='struct
_virConnectAuth'>
@@ -966,6 +992,13 @@ see note above'/>
<arg name='names' type='char ** const' info='pointer to an
array to store the names'/>
<arg name='maxnames' type='int' info='size of the
array'/>
</function>
+ <function name='virConnectListDefinedInterfaces' file='libvirt'
module='libvirt'>
+ <info>Collect the list of defined (inactive) physical host interfaces, and
store their names in @names.</info>
+ <return type='int' info='the number of interfaces found or -1 in
case of error'/>
+ <arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
+ <arg name='names' type='char ** const' info='array to
collect the list of names of interfaces'/>
+ <arg name='maxnames' type='int' info='size of
@names'/>
+ </function>
<function name='virConnectListDefinedNetworks' file='libvirt'
module='libvirt'>
<info>list the inactive networks, stores the pointers to the names in
@names</info>
<return type='int' info='the number of names provided in the array
or -1 in case of error'/>
@@ -988,7 +1021,7 @@ see note above'/>
<arg name='maxids' type='int' info='size of @ids'/>
</function>
<function name='virConnectListInterfaces' file='libvirt'
module='libvirt'>
- <info>Collect the list of physical host interfaces, and store their names in
@names</info>
+ <info>Collect the list of active physical host interfaces, and store their
names in @names</info>
<return type='int' info='the number of interfaces found or -1 in
case of error'/>
<arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
<arg name='names' type='char ** const' info='array to
collect the list of names of interfaces'/>
@@ -1013,6 +1046,11 @@ see note above'/>
<return type='int' info='the number of domain found or -1 in case of
error'/>
<arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
</function>
+ <function name='virConnectNumOfDefinedInterfaces' file='libvirt'
module='libvirt'>
+ <info>Provides the number of defined (inactive) interfaces on the physical
host.</info>
+ <return type='int' info='the number of defined interface found or -1
in case of error'/>
+ <arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
+ </function>
<function name='virConnectNumOfDefinedNetworks' file='libvirt'
module='libvirt'>
<info>Provides the number of inactive networks.</info>
<return type='int' info='the number of networks found or -1 in case
of error'/>
@@ -1029,8 +1067,8 @@ see note above'/>
<arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
</function>
<function name='virConnectNumOfInterfaces' file='libvirt'
module='libvirt'>
- <info>Provides the number of interfaces on the physical host.</info>
- <return type='int' info='the number of interface found or -1 in case
of error'/>
+ <info>Provides the number of active interfaces on the physical
host.</info>
+ <return type='int' info='the number of active interfaces found or -1
in case of error'/>
<arg name='conn' type='virConnectPtr' info='pointer to the
hypervisor connection'/>
</function>
<function name='virConnectNumOfNetworks' file='libvirt'
module='libvirt'>
@@ -1045,18 +1083,18 @@ see note above'/>
</function>
<function name='virConnectOpen' file='libvirt'
module='libvirt'>
<info>This function should be called first to get a connection to the
Hypervisor and xen store</info>
- <return type='virConnectPtr' info='a pointer to the hypervisor
connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html'/>
+ <return type='virConnectPtr' info='a pointer to the hypervisor
connection or NULL in case of error If @name is NULL then probing will be done to
determine a suitable default driver to activate. This involves trying each hypervisor in
turn until one successfully opens. If the LIBVIRT_DEFAULT_URI environment variable is set,
then it will be used in preference to probing for a driver. If connecting to an
unprivileged hypervisor driver which requires the libvirtd daemon to be active, it will
automatically be launched if not already running. This can be prevented by setting the
environment variable LIBVIRT_AUTOSTART=0 URIs are documented at
http://libvirt.org/uri.html'/>
<arg name='name' type='const char *' info='URI of the
hypervisor'/>
</function>
<function name='virConnectOpenAuth' file='libvirt'
module='libvirt'>
- <info>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback</info>
+ <info>This function should be called first to get a connection to the
Hypervisor. If necessary, authentication will be performed fetching credentials via the
callback See virConnectOpen for notes about environment variables which can have an
effect on opening drivers</info>
<return type='virConnectPtr' info='a pointer to the hypervisor
connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html'/>
<arg name='name' type='const char *' info='URI of the
hypervisor'/>
<arg name='auth' type='virConnectAuthPtr' info='Authenticate
callback parameters'/>
<arg name='flags' type='int' info='Open flags'/>
</function>
<function name='virConnectOpenReadOnly' file='libvirt'
module='libvirt'>
- <info>This function should be called first to get a restricted connection to
the library functionalities. The set of APIs usable are then restricted on the available
methods to control the domains.</info>
+ <info>This function should be called first to get a restricted connection to
the library functionalities. The set of APIs usable are then restricted on the available
methods to control the domains. See virConnectOpen for notes about environment variables
which can have an effect on opening drivers</info>
<return type='virConnectPtr' info='a pointer to the hypervisor
connection or NULL in case of error URIs are documented at
http://libvirt.org/uri.html'/>
<arg name='name' type='const char *' info='URI of the
hypervisor'/>
</function>
@@ -1754,6 +1792,57 @@ see note above'/>
<info>Save the last error into a new error object.</info>
<return type='virErrorPtr' info='a pointer to the copied error or
NULL if allocation failed. It is the caller's responsibility to free the error
with virFreeError().'/>
</function>
+ <function name='virSecretAllocateID' file='libvirt'
module='libvirt'>
+ <info>Allocates a secret ID (a printable string) without associating a secret
value with the ID.</info>
+ <return type='char *' info='the secret ID on success, or NULL on
failure. The caller must free() the secret ID.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ </function>
+ <function name='virSecretDelete' file='libvirt'
module='libvirt'>
+ <info>Deletes the secret with secret_id (including the secret value and all
attributes).</info>
+ <return type='int' info='0 on success, -1 on failure.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ </function>
+ <function name='virSecretGetValue' file='libvirt'
module='libvirt'>
+ <info>Fetches the secret value associated with secret_id.</info>
+ <return type='void *' info='the secret value on success, NULL on
failure. The caller must free() the secret value.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ <arg name='secret_size' type='size_t *' info='Place for
storing size of the secret'/>
+ </function>
+ <function name='virSecretGetXML' file='libvirt'
module='libvirt'>
+ <info>Fetches an XML document describing attributes of the
secret.</info>
+ <return type='char *' info='the XML document on success, NULL on
failure. The caller must free() the XML.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ </function>
+ <function name='virSecretListSecrets' file='libvirt'
module='libvirt'>
+ <info>List the defined secret IDs, store pointers to names in
ids.</info>
+ <return type='int' info='the number of IDs provided in the array, or
-1 on failure.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='ids' type='char **' info='Pointer to an array to
store the IDs'/>
+ <arg name='maxids' type='int' info='size of the
array.'/>
+ </function>
+ <function name='virSecretNumOfSecrets' file='libvirt'
module='libvirt'>
+ <info>Fetch number of currently defined secret IDs.</info>
+ <return type='int' info='the number currently defined secret
IDs.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ </function>
+ <function name='virSecretSetValue' file='libvirt'
module='libvirt'>
+ <info>Associates a secret value with secret_id. Allocates secret_id if it
was not previously allocated.</info>
+ <return type='int' info='0 on success, -1 on failure.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ <arg name='secret' type='const void *' info='The
secret'/>
+ <arg name='secret_size' type='size_t' info='Size of the
secret'/>
+ </function>
+ <function name='virSecretSetXML' file='libvirt'
module='libvirt'>
+ <info>Replaces all attributes of the secret specified by secret_id by
attributes specified in xml (any attributes not specified in xml are discarded). Allocates
secret_id if it was not previously allocated.</info>
+ <return type='int' info='0 on success, -1 on failure.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ <arg name='xml' type='const char *' info='XML containing
attributes of the secret.'/>
+ </function>
<function name='virSetErrorFunc' file='virterror'
module='virterror'>
<info>Set a library global error handling function, if @handler is NULL, it
will reset to default printing on stderr. The error raised there are those for which no
handler at the connection level could caught.</info>
<return type='void'/>
@@ -1896,7 +1985,7 @@ see note above'/>
</function>
<function name='virStoragePoolUndefine' file='libvirt'
module='libvirt'>
<info>Undefine an inactive storage pool</info>
- <return type='int' info='a virStoragePoolPtr object, or NULL if
creation failed'/>
+ <return type='int' info='0 on success, -1 on failure'/>
<arg name='pool' type='virStoragePoolPtr' info='pointer to
storage pool'/>
</function>
<function name='virStorageVolCreateXML' file='libvirt'
module='libvirt'>
diff --git a/docs/libvirt-refs.xml b/docs/libvirt-refs.xml
index 2f8ffe5..e6dd007 100644
--- a/docs/libvirt-refs.xml
+++ b/docs/libvirt-refs.xml
@@ -71,8 +71,10 @@
<reference name='VIR_ERR_INVALID_MAC'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_MAC'/>
<reference name='VIR_ERR_INVALID_NETWORK'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_NETWORK'/>
<reference name='VIR_ERR_INVALID_NODE_DEVICE'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_NODE_DEVICE'/>
+ <reference name='VIR_ERR_INVALID_SECRET'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_SECRET'/>
<reference name='VIR_ERR_INVALID_STORAGE_POOL'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_STORAGE_POOL'/>
<reference name='VIR_ERR_INVALID_STORAGE_VOL'
href='html/libvirt-virterror.html#VIR_ERR_INVALID_STORAGE_VOL'/>
+ <reference name='VIR_ERR_MULTIPLE_INTERFACES'
href='html/libvirt-virterror.html#VIR_ERR_MULTIPLE_INTERFACES'/>
<reference name='VIR_ERR_NETWORK_EXIST'
href='html/libvirt-virterror.html#VIR_ERR_NETWORK_EXIST'/>
<reference name='VIR_ERR_NONE'
href='html/libvirt-virterror.html#VIR_ERR_NONE'/>
<reference name='VIR_ERR_NO_CONNECT'
href='html/libvirt-virterror.html#VIR_ERR_NO_CONNECT'/>
@@ -86,6 +88,7 @@
<reference name='VIR_ERR_NO_NODE_DEVICE'
href='html/libvirt-virterror.html#VIR_ERR_NO_NODE_DEVICE'/>
<reference name='VIR_ERR_NO_OS'
href='html/libvirt-virterror.html#VIR_ERR_NO_OS'/>
<reference name='VIR_ERR_NO_ROOT'
href='html/libvirt-virterror.html#VIR_ERR_NO_ROOT'/>
+ <reference name='VIR_ERR_NO_SECRET'
href='html/libvirt-virterror.html#VIR_ERR_NO_SECRET'/>
<reference name='VIR_ERR_NO_SECURITY_MODEL'
href='html/libvirt-virterror.html#VIR_ERR_NO_SECURITY_MODEL'/>
<reference name='VIR_ERR_NO_SOURCE'
href='html/libvirt-virterror.html#VIR_ERR_NO_SOURCE'/>
<reference name='VIR_ERR_NO_STORAGE_POOL'
href='html/libvirt-virterror.html#VIR_ERR_NO_STORAGE_POOL'/>
@@ -119,6 +122,7 @@
<reference name='VIR_FROM_CONF'
href='html/libvirt-virterror.html#VIR_FROM_CONF'/>
<reference name='VIR_FROM_DOM'
href='html/libvirt-virterror.html#VIR_FROM_DOM'/>
<reference name='VIR_FROM_DOMAIN'
href='html/libvirt-virterror.html#VIR_FROM_DOMAIN'/>
+ <reference name='VIR_FROM_ESX'
href='html/libvirt-virterror.html#VIR_FROM_ESX'/>
<reference name='VIR_FROM_INTERFACE'
href='html/libvirt-virterror.html#VIR_FROM_INTERFACE'/>
<reference name='VIR_FROM_LXC'
href='html/libvirt-virterror.html#VIR_FROM_LXC'/>
<reference name='VIR_FROM_NET'
href='html/libvirt-virterror.html#VIR_FROM_NET'/>
@@ -127,10 +131,12 @@
<reference name='VIR_FROM_NONE'
href='html/libvirt-virterror.html#VIR_FROM_NONE'/>
<reference name='VIR_FROM_ONE'
href='html/libvirt-virterror.html#VIR_FROM_ONE'/>
<reference name='VIR_FROM_OPENVZ'
href='html/libvirt-virterror.html#VIR_FROM_OPENVZ'/>
+ <reference name='VIR_FROM_PHYP'
href='html/libvirt-virterror.html#VIR_FROM_PHYP'/>
<reference name='VIR_FROM_PROXY'
href='html/libvirt-virterror.html#VIR_FROM_PROXY'/>
<reference name='VIR_FROM_QEMU'
href='html/libvirt-virterror.html#VIR_FROM_QEMU'/>
<reference name='VIR_FROM_REMOTE'
href='html/libvirt-virterror.html#VIR_FROM_REMOTE'/>
<reference name='VIR_FROM_RPC'
href='html/libvirt-virterror.html#VIR_FROM_RPC'/>
+ <reference name='VIR_FROM_SECRET'
href='html/libvirt-virterror.html#VIR_FROM_SECRET'/>
<reference name='VIR_FROM_SECURITY'
href='html/libvirt-virterror.html#VIR_FROM_SECURITY'/>
<reference name='VIR_FROM_SEXPR'
href='html/libvirt-virterror.html#VIR_FROM_SEXPR'/>
<reference name='VIR_FROM_STATS_LINUX'
href='html/libvirt-virterror.html#VIR_FROM_STATS_LINUX'/>
@@ -145,6 +151,7 @@
<reference name='VIR_FROM_XEN_INOTIFY'
href='html/libvirt-virterror.html#VIR_FROM_XEN_INOTIFY'/>
<reference name='VIR_FROM_XML'
href='html/libvirt-virterror.html#VIR_FROM_XML'/>
<reference name='VIR_GET_CPUMAP'
href='html/libvirt-libvirt.html#VIR_GET_CPUMAP'/>
+ <reference name='VIR_MEMORY_PHYSICAL'
href='html/libvirt-libvirt.html#VIR_MEMORY_PHYSICAL'/>
<reference name='VIR_MEMORY_VIRTUAL'
href='html/libvirt-libvirt.html#VIR_MEMORY_VIRTUAL'/>
<reference name='VIR_MIGRATE_LIVE'
href='html/libvirt-libvirt.html#VIR_MIGRATE_LIVE'/>
<reference name='VIR_NODEINFO_MAXCPUS'
href='html/libvirt-libvirt.html#VIR_NODEINFO_MAXCPUS'/>
@@ -174,6 +181,7 @@
<reference name='VIR_WAR_NO_INTERFACE'
href='html/libvirt-virterror.html#VIR_WAR_NO_INTERFACE'/>
<reference name='VIR_WAR_NO_NETWORK'
href='html/libvirt-virterror.html#VIR_WAR_NO_NETWORK'/>
<reference name='VIR_WAR_NO_NODE'
href='html/libvirt-virterror.html#VIR_WAR_NO_NODE'/>
+ <reference name='VIR_WAR_NO_SECRET'
href='html/libvirt-virterror.html#VIR_WAR_NO_SECRET'/>
<reference name='VIR_WAR_NO_STORAGE'
href='html/libvirt-virterror.html#VIR_WAR_NO_STORAGE'/>
<reference name='_virConnectAuth'
href='html/libvirt-libvirt.html#_virConnectAuth'/>
<reference name='_virConnectCredential'
href='html/libvirt-libvirt.html#_virConnectCredential'/>
@@ -215,6 +223,7 @@
<reference name='virConnectGetURI'
href='html/libvirt-libvirt.html#virConnectGetURI'/>
<reference name='virConnectGetVersion'
href='html/libvirt-libvirt.html#virConnectGetVersion'/>
<reference name='virConnectListDefinedDomains'
href='html/libvirt-libvirt.html#virConnectListDefinedDomains'/>
+ <reference name='virConnectListDefinedInterfaces'
href='html/libvirt-libvirt.html#virConnectListDefinedInterfaces'/>
<reference name='virConnectListDefinedNetworks'
href='html/libvirt-libvirt.html#virConnectListDefinedNetworks'/>
<reference name='virConnectListDefinedStoragePools'
href='html/libvirt-libvirt.html#virConnectListDefinedStoragePools'/>
<reference name='virConnectListDomains'
href='html/libvirt-libvirt.html#virConnectListDomains'/>
@@ -222,6 +231,7 @@
<reference name='virConnectListNetworks'
href='html/libvirt-libvirt.html#virConnectListNetworks'/>
<reference name='virConnectListStoragePools'
href='html/libvirt-libvirt.html#virConnectListStoragePools'/>
<reference name='virConnectNumOfDefinedDomains'
href='html/libvirt-libvirt.html#virConnectNumOfDefinedDomains'/>
+ <reference name='virConnectNumOfDefinedInterfaces'
href='html/libvirt-libvirt.html#virConnectNumOfDefinedInterfaces'/>
<reference name='virConnectNumOfDefinedNetworks'
href='html/libvirt-libvirt.html#virConnectNumOfDefinedNetworks'/>
<reference name='virConnectNumOfDefinedStoragePools'
href='html/libvirt-libvirt.html#virConnectNumOfDefinedStoragePools'/>
<reference name='virConnectNumOfDomains'
href='html/libvirt-libvirt.html#virConnectNumOfDomains'/>
@@ -386,6 +396,14 @@
<reference name='virSchedParameter'
href='html/libvirt-libvirt.html#virSchedParameter'/>
<reference name='virSchedParameterPtr'
href='html/libvirt-libvirt.html#virSchedParameterPtr'/>
<reference name='virSchedParameterType'
href='html/libvirt-libvirt.html#virSchedParameterType'/>
+ <reference name='virSecretAllocateID'
href='html/libvirt-libvirt.html#virSecretAllocateID'/>
+ <reference name='virSecretDelete'
href='html/libvirt-libvirt.html#virSecretDelete'/>
+ <reference name='virSecretGetValue'
href='html/libvirt-libvirt.html#virSecretGetValue'/>
+ <reference name='virSecretGetXML'
href='html/libvirt-libvirt.html#virSecretGetXML'/>
+ <reference name='virSecretListSecrets'
href='html/libvirt-libvirt.html#virSecretListSecrets'/>
+ <reference name='virSecretNumOfSecrets'
href='html/libvirt-libvirt.html#virSecretNumOfSecrets'/>
+ <reference name='virSecretSetValue'
href='html/libvirt-libvirt.html#virSecretSetValue'/>
+ <reference name='virSecretSetXML'
href='html/libvirt-libvirt.html#virSecretSetXML'/>
<reference name='virSecurityLabel'
href='html/libvirt-libvirt.html#virSecurityLabel'/>
<reference name='virSecurityLabelPtr'
href='html/libvirt-libvirt.html#virSecurityLabelPtr'/>
<reference name='virSecurityModel'
href='html/libvirt-libvirt.html#virSecurityModel'/>
@@ -520,8 +538,10 @@
<ref name='VIR_ERR_INVALID_MAC'/>
<ref name='VIR_ERR_INVALID_NETWORK'/>
<ref name='VIR_ERR_INVALID_NODE_DEVICE'/>
+ <ref name='VIR_ERR_INVALID_SECRET'/>
<ref name='VIR_ERR_INVALID_STORAGE_POOL'/>
<ref name='VIR_ERR_INVALID_STORAGE_VOL'/>
+ <ref name='VIR_ERR_MULTIPLE_INTERFACES'/>
<ref name='VIR_ERR_NETWORK_EXIST'/>
<ref name='VIR_ERR_NONE'/>
<ref name='VIR_ERR_NO_CONNECT'/>
@@ -535,6 +555,7 @@
<ref name='VIR_ERR_NO_NODE_DEVICE'/>
<ref name='VIR_ERR_NO_OS'/>
<ref name='VIR_ERR_NO_ROOT'/>
+ <ref name='VIR_ERR_NO_SECRET'/>
<ref name='VIR_ERR_NO_SECURITY_MODEL'/>
<ref name='VIR_ERR_NO_SOURCE'/>
<ref name='VIR_ERR_NO_STORAGE_POOL'/>
@@ -568,6 +589,7 @@
<ref name='VIR_FROM_CONF'/>
<ref name='VIR_FROM_DOM'/>
<ref name='VIR_FROM_DOMAIN'/>
+ <ref name='VIR_FROM_ESX'/>
<ref name='VIR_FROM_INTERFACE'/>
<ref name='VIR_FROM_LXC'/>
<ref name='VIR_FROM_NET'/>
@@ -576,10 +598,12 @@
<ref name='VIR_FROM_NONE'/>
<ref name='VIR_FROM_ONE'/>
<ref name='VIR_FROM_OPENVZ'/>
+ <ref name='VIR_FROM_PHYP'/>
<ref name='VIR_FROM_PROXY'/>
<ref name='VIR_FROM_QEMU'/>
<ref name='VIR_FROM_REMOTE'/>
<ref name='VIR_FROM_RPC'/>
+ <ref name='VIR_FROM_SECRET'/>
<ref name='VIR_FROM_SECURITY'/>
<ref name='VIR_FROM_SEXPR'/>
<ref name='VIR_FROM_STATS_LINUX'/>
@@ -594,6 +618,7 @@
<ref name='VIR_FROM_XEN_INOTIFY'/>
<ref name='VIR_FROM_XML'/>
<ref name='VIR_GET_CPUMAP'/>
+ <ref name='VIR_MEMORY_PHYSICAL'/>
<ref name='VIR_MEMORY_VIRTUAL'/>
<ref name='VIR_MIGRATE_LIVE'/>
<ref name='VIR_NODEINFO_MAXCPUS'/>
@@ -623,6 +648,7 @@
<ref name='VIR_WAR_NO_INTERFACE'/>
<ref name='VIR_WAR_NO_NETWORK'/>
<ref name='VIR_WAR_NO_NODE'/>
+ <ref name='VIR_WAR_NO_SECRET'/>
<ref name='VIR_WAR_NO_STORAGE'/>
</letter>
<letter name='_'>
@@ -668,6 +694,7 @@
<ref name='virConnectGetURI'/>
<ref name='virConnectGetVersion'/>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListDomains'/>
@@ -675,6 +702,7 @@
<ref name='virConnectListNetworks'/>
<ref name='virConnectListStoragePools'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedNetworks'/>
<ref name='virConnectNumOfDefinedStoragePools'/>
<ref name='virConnectNumOfDomains'/>
@@ -839,6 +867,14 @@
<ref name='virSchedParameter'/>
<ref name='virSchedParameterPtr'/>
<ref name='virSchedParameterType'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
<ref name='virSecurityLabel'/>
<ref name='virSecurityLabelPtr'/>
<ref name='virSecurityModel'/>
@@ -966,10 +1002,17 @@
<ref name='virStorageVolLookupByName'/>
<ref name='virStorageVolLookupByPath'/>
</type>
+ <type name='void *'>
+ <ref name='virSecretGetValue'/>
+ </type>
</constructors>
<functions>
+ <type name='char **'>
+ <ref name='virSecretListSecrets'/>
+ </type>
<type name='char ** const'>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListInterfaces'/>
@@ -984,6 +1027,9 @@
<ref name='virNetworkLookupByUUID'/>
<ref name='virStoragePoolLookupByUUID'/>
</type>
+ <type name='const void *'>
+ <ref name='virSecretSetValue'/>
+ </type>
<type name='int *'>
<ref name='virConnectListDomains'/>
<ref name='virDomainGetAutostart'/>
@@ -997,6 +1043,10 @@
<ref name='virDomainBlockStats'/>
<ref name='virDomainInterfaceStats'/>
<ref name='virDomainMemoryPeek'/>
+ <ref name='virSecretSetValue'/>
+ </type>
+ <type name='size_t *'>
+ <ref name='virSecretGetValue'/>
</type>
<type name='unsigned char *'>
<ref name='virDomainGetUUID'/>
@@ -1082,6 +1132,7 @@
<ref name='virConnectGetURI'/>
<ref name='virConnectGetVersion'/>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListDomains'/>
@@ -1089,6 +1140,7 @@
<ref name='virConnectListNetworks'/>
<ref name='virConnectListStoragePools'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedNetworks'/>
<ref name='virConnectNumOfDefinedStoragePools'/>
<ref name='virConnectNumOfDomains'/>
@@ -1121,6 +1173,14 @@
<ref name='virNodeGetSecurityModel'/>
<ref name='virNodeListDevices'/>
<ref name='virNodeNumOfDevices'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
<ref name='virStoragePoolCreateXML'/>
<ref name='virStoragePoolDefineXML'/>
<ref name='virStoragePoolLookupByName'/>
@@ -1394,6 +1454,7 @@
<ref name='VIR_EVENT_HANDLE_READABLE'/>
<ref name='VIR_EVENT_HANDLE_WRITABLE'/>
<ref name='VIR_GET_CPUMAP'/>
+ <ref name='VIR_MEMORY_PHYSICAL'/>
<ref name='VIR_MEMORY_VIRTUAL'/>
<ref name='VIR_MIGRATE_LIVE'/>
<ref name='VIR_NODEINFO_MAXCPUS'/>
@@ -1455,6 +1516,7 @@
<ref name='virConnectGetURI'/>
<ref name='virConnectGetVersion'/>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListDomains'/>
@@ -1462,6 +1524,7 @@
<ref name='virConnectListNetworks'/>
<ref name='virConnectListStoragePools'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedNetworks'/>
<ref name='virConnectNumOfDefinedStoragePools'/>
<ref name='virConnectNumOfDomains'/>
@@ -1613,6 +1676,14 @@
<ref name='virSchedParameter'/>
<ref name='virSchedParameterPtr'/>
<ref name='virSchedParameterType'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
<ref name='virSecurityLabel'/>
<ref name='virSecurityLabelPtr'/>
<ref name='virSecurityModel'/>
@@ -1690,8 +1761,10 @@
<ref name='VIR_ERR_INVALID_MAC'/>
<ref name='VIR_ERR_INVALID_NETWORK'/>
<ref name='VIR_ERR_INVALID_NODE_DEVICE'/>
+ <ref name='VIR_ERR_INVALID_SECRET'/>
<ref name='VIR_ERR_INVALID_STORAGE_POOL'/>
<ref name='VIR_ERR_INVALID_STORAGE_VOL'/>
+ <ref name='VIR_ERR_MULTIPLE_INTERFACES'/>
<ref name='VIR_ERR_NETWORK_EXIST'/>
<ref name='VIR_ERR_NONE'/>
<ref name='VIR_ERR_NO_CONNECT'/>
@@ -1705,6 +1778,7 @@
<ref name='VIR_ERR_NO_NODE_DEVICE'/>
<ref name='VIR_ERR_NO_OS'/>
<ref name='VIR_ERR_NO_ROOT'/>
+ <ref name='VIR_ERR_NO_SECRET'/>
<ref name='VIR_ERR_NO_SECURITY_MODEL'/>
<ref name='VIR_ERR_NO_SOURCE'/>
<ref name='VIR_ERR_NO_STORAGE_POOL'/>
@@ -1734,6 +1808,7 @@
<ref name='VIR_FROM_CONF'/>
<ref name='VIR_FROM_DOM'/>
<ref name='VIR_FROM_DOMAIN'/>
+ <ref name='VIR_FROM_ESX'/>
<ref name='VIR_FROM_INTERFACE'/>
<ref name='VIR_FROM_LXC'/>
<ref name='VIR_FROM_NET'/>
@@ -1742,10 +1817,12 @@
<ref name='VIR_FROM_NONE'/>
<ref name='VIR_FROM_ONE'/>
<ref name='VIR_FROM_OPENVZ'/>
+ <ref name='VIR_FROM_PHYP'/>
<ref name='VIR_FROM_PROXY'/>
<ref name='VIR_FROM_QEMU'/>
<ref name='VIR_FROM_REMOTE'/>
<ref name='VIR_FROM_RPC'/>
+ <ref name='VIR_FROM_SECRET'/>
<ref name='VIR_FROM_SECURITY'/>
<ref name='VIR_FROM_SEXPR'/>
<ref name='VIR_FROM_STATS_LINUX'/>
@@ -1762,6 +1839,7 @@
<ref name='VIR_WAR_NO_INTERFACE'/>
<ref name='VIR_WAR_NO_NETWORK'/>
<ref name='VIR_WAR_NO_NODE'/>
+ <ref name='VIR_WAR_NO_SECRET'/>
<ref name='VIR_WAR_NO_STORAGE'/>
<ref name='_virError'/>
<ref name='virConnCopyLastError'/>
@@ -1825,9 +1903,17 @@
<word name='After'>
<ref name='virDomainSave'/>
</word>
+ <word name='Allocates'>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
+ </word>
<word name='Although'>
<ref name='virDomainMemoryPeek'/>
</word>
+ <word name='Associates'>
+ <ref name='virSecretSetValue'/>
+ </word>
<word name='Attempt'>
<ref name='virDomainMigrate'/>
</word>
@@ -1891,6 +1977,7 @@
<ref name='virDomainSetSchedulerParameters'/>
</word>
<word name='Collect'>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDomains'/>
<ref name='virConnectListInterfaces'/>
<ref name='virConnectListNetworks'/>
@@ -1944,6 +2031,9 @@
<ref name='virStoragePoolDelete'/>
<ref name='virStorageVolDelete'/>
</word>
+ <word name='Deletes'>
+ <ref name='virSecretDelete'/>
+ </word>
<word name='Depending'>
<ref name='virNodeDeviceDettach'/>
<ref name='virNodeDeviceReAttach'/>
@@ -2021,6 +2111,7 @@
<letter name='F'>
<word name='Fetch'>
<ref name='virNodeDeviceGetXMLDesc'/>
+ <ref name='virSecretNumOfSecrets'/>
<ref name='virStoragePoolGetName'/>
<ref name='virStoragePoolGetUUID'/>
<ref name='virStoragePoolGetUUIDString'/>
@@ -2040,6 +2131,8 @@
<ref name='virStorageVolLookupByPath'/>
</word>
<word name='Fetches'>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
<ref name='virStoragePoolGetAutostart'/>
<ref name='virStorageVolGetInfo'/>
</word>
@@ -2110,6 +2203,8 @@
<letter name='I'>
<word name='IDs'>
<ref name='virConnectListDomains'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
</word>
<word name='Increment'>
<ref name='virConnectRef'/>
@@ -2154,6 +2249,12 @@
</word>
</letter>
<letter name='L'>
+ <word name='LIBVIRT_AUTOSTART=0'>
+ <ref name='virConnectOpen'/>
+ </word>
+ <word name='LIBVIRT_DEFAULT_URI'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='Labeled'>
<ref name='VIR_SECURITY_LABEL_BUFLEN'/>
</word>
@@ -2171,6 +2272,7 @@
</word>
<word name='List'>
<ref name='_virConnectAuth'/>
+ <ref name='virSecretListSecrets'/>
</word>
<word name='Lists'>
<ref name='virNodeDeviceListCaps'/>
@@ -2282,6 +2384,12 @@
<ref name='virEventUpdateHandleFunc'/>
<ref name='virEventUpdateTimeoutFunc'/>
</word>
+ <word name='Place'>
+ <ref name='virSecretGetValue'/>
+ </word>
+ <word name='Pointer'>
+ <ref name='virSecretListSecrets'/>
+ </word>
<word name='Power'>
<ref name='virNodeDeviceReset'/>
</word>
@@ -2301,6 +2409,7 @@
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListStoragePools'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedNetworks'/>
<ref name='virConnectNumOfDefinedStoragePools'/>
<ref name='virConnectNumOfDomains'/>
@@ -2360,6 +2469,9 @@
<word name='Renamed'>
<ref name='virDomainCreateLinux'/>
</word>
+ <word name='Replaces'>
+ <ref name='virSecretSetXML'/>
+ </word>
<word name='Request'>
<ref name='virStoragePoolRefresh'/>
</word>
@@ -2394,6 +2506,8 @@
</word>
<word name='See'>
<ref name='virConnectGetType'/>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
</word>
<word name='Set'>
<ref name='virConnSetErrorFunc'/>
@@ -2413,6 +2527,9 @@
<ref name='virConnGetLastError'/>
<ref name='virDomainMigrate'/>
</word>
+ <word name='Size'>
+ <ref name='virSecretSetValue'/>
+ </word>
<word name='Some'>
<ref name='virDomainMigrate'/>
</word>
@@ -2548,6 +2665,8 @@
<ref name='virStoragePoolGetUUIDString'/>
</word>
</letter>
+ </chunk>
+ <chunk name='chunk2'>
<letter name='W'>
<word name='WARNING:'>
<ref name='virDomainGetConnect'/>
@@ -2567,8 +2686,6 @@
<ref name='virStorageVolGetConnect'/>
</word>
</letter>
- </chunk>
- <chunk name='chunk2'>
<letter name='X'>
<word name='Xen'>
<ref name='_virDomainBlockStats'/>
@@ -2584,6 +2701,8 @@
<ref name='virDomainMemoryPeek'/>
</word>
<word name='about'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
<ref name='virDomainGetInfo'/>
<ref name='virDomainGetUUIDString'/>
<ref name='virDomainGetVcpus'/>
@@ -2622,6 +2741,9 @@
<word name='across'>
<ref name='virStorageVolGetPath'/>
</word>
+ <word name='activate'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='activated'>
<ref name='virNodeGetSecurityModel'/>
</word>
@@ -2629,11 +2751,14 @@
<ref name='VIR_NODEINFO_MAXCPUS'/>
<ref name='_virNodeInfo'/>
<ref name='virConnectListDomains'/>
+ <ref name='virConnectListInterfaces'/>
<ref name='virConnectListNetworks'/>
<ref name='virConnectListStoragePools'/>
<ref name='virConnectNumOfDomains'/>
+ <ref name='virConnectNumOfInterfaces'/>
<ref name='virConnectNumOfNetworks'/>
<ref name='virConnectNumOfStoragePools'/>
+ <ref name='virConnectOpen'/>
<ref name='virDomainGetSecurityLabel'/>
<ref name='virDomainSuspend'/>
<ref name='virStoragePoolDestroy'/>
@@ -2700,6 +2825,8 @@
<ref name='virNetworkRef'/>
<ref name='virNodeDeviceGetXMLDesc'/>
<ref name='virNodeDeviceRef'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretSetXML'/>
<ref name='virStoragePoolFree'/>
<ref name='virStoragePoolGetXMLDesc'/>
<ref name='virStoragePoolRef'/>
@@ -2720,6 +2847,8 @@
<ref name='virDomainSuspend'/>
<ref name='virNodeGetCellsFreeMemory'/>
<ref name='virNodeGetInfo'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
</word>
<word name='allocation'>
<ref name='_virStoragePoolInfo'/>
@@ -2735,6 +2864,7 @@
<ref name='virDomainMemoryPeek'/>
</word>
<word name='already'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainDefineXML'/>
<ref name='virDomainDestroy'/>
<ref name='virNetworkDestroy'/>
@@ -2766,6 +2896,7 @@
</word>
<word name='any'>
<ref name='virNodeDeviceDettach'/>
+ <ref name='virSecretSetXML'/>
<ref name='virStoragePoolDestroy'/>
</word>
<word name='anymore'>
@@ -2826,6 +2957,7 @@
<ref name='virNetworkRef'/>
<ref name='virNodeDeviceRef'/>
<ref name='virNodeDeviceReset'/>
+ <ref name='virSecretSetXML'/>
<ref name='virSetErrorFunc'/>
<ref name='virStoragePoolRef'/>
<ref name='virStorageVolCreateXMLFrom'/>
@@ -2860,11 +2992,15 @@
<ref name='virInterfaceUndefine'/>
<ref name='virNetworkDestroy'/>
<ref name='virNetworkGetConnect'/>
+ <ref name='virSecretGetValue'/>
<ref name='virStoragePoolDestroy'/>
<ref name='virStoragePoolFree'/>
<ref name='virStoragePoolGetConnect'/>
<ref name='virStorageVolGetConnect'/>
</word>
+ <word name='associating'>
+ <ref name='virSecretAllocateID'/>
+ </word>
<word name='assumed'>
<ref name='virDomainGetVcpus'/>
<ref name='virGetVersion'/>
@@ -2887,6 +3023,11 @@
<ref name='virConnectGetMaxVcpus'/>
<ref name='virDomainBlockStats'/>
</word>
+ <word name='attributes'>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretSetXML'/>
+ </word>
<word name='authentication'>
<ref name='virConnectOpenAuth'/>
</word>
@@ -2894,6 +3035,7 @@
<ref name='virConnectFindStoragePoolSources'/>
</word>
<word name='automatically'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainGetAutostart'/>
<ref name='virDomainSetAutostart'/>
<ref name='virNetworkGetAutostart'/>
@@ -3115,6 +3257,9 @@
<ref name='virNodeDeviceRef'/>
<ref name='virNodeGetCellsFreeMemory'/>
<ref name='virSaveLastError'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
<ref name='virStoragePoolRef'/>
<ref name='virStorageVolRef'/>
</word>
@@ -3142,6 +3287,9 @@
<ref name='virConnectDomainEventRegister'/>
<ref name='virConnectGetURI'/>
<ref name='virConnectGetVersion'/>
+ <ref name='virConnectOpen'/>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
<ref name='virCopyLastError'/>
<ref name='virDomainGetInfo'/>
<ref name='virDomainMemoryPeek'/>
@@ -3244,6 +3392,7 @@
</word>
<word name='collect'>
<ref name='_virConnectAuth'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDomains'/>
<ref name='virConnectListInterfaces'/>
<ref name='virConnectListNetworks'/>
@@ -3308,6 +3457,9 @@
<word name='connected'>
<ref name='virConnectGetHostname'/>
</word>
+ <word name='connecting'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='consequent'>
<ref name='_virError'/>
</word>
@@ -3323,6 +3475,7 @@
<ref name='virDomainCreateLinux'/>
<ref name='virDomainCreateXML'/>
<ref name='virNodeDeviceCreateXML'/>
+ <ref name='virSecretSetXML'/>
</word>
<word name='contains'>
<ref name='virStoragePoolLookupByVolume'/>
@@ -3429,7 +3582,6 @@
<word name='creation'>
<ref name='virStoragePoolCreateXML'/>
<ref name='virStoragePoolDefineXML'/>
- <ref name='virStoragePoolUndefine'/>
<ref name='virStorageVolCreateXML'/>
<ref name='virStorageVolCreateXMLFrom'/>
</word>
@@ -3448,12 +3600,16 @@
<ref name='virNodeDeviceDettach'/>
<ref name='virNodeDeviceReAttach'/>
<ref name='virNodeDeviceReset'/>
+ <ref name='virSecretNumOfSecrets'/>
<ref name='virStoragePoolRefresh'/>
</word>
</letter>
</chunk>
<chunk name='chunk4'>
<letter name='d'>
+ <word name='daemon'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='data'>
<ref name='virConnSetErrorFunc'/>
<ref name='virConnectDomainEventCallback'/>
@@ -3494,6 +3650,7 @@
<word name='default'>
<ref name='_virConnectCredential'/>
<ref name='virConnSetErrorFunc'/>
+ <ref name='virConnectOpen'/>
<ref name='virDomainMigrate'/>
<ref name='virSetErrorFunc'/>
</word>
@@ -3502,13 +3659,17 @@
</word>
<word name='defined'>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virDomainCreate'/>
<ref name='virDomainUndefine'/>
<ref name='virInterfaceCreate'/>
<ref name='virInterfaceUndefine'/>
<ref name='virNetworkCreate'/>
<ref name='virNetworkUndefine'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
</word>
<word name='defining'>
<ref name='virConnectGetCapabilities'/>
@@ -3542,6 +3703,7 @@
<ref name='virConnectDomainXMLFromNative'/>
<ref name='virConnectDomainXMLToNative'/>
<ref name='virNodeDeviceGetXMLDesc'/>
+ <ref name='virSecretGetXML'/>
<ref name='virStoragePoolGetXMLDesc'/>
<ref name='virStorageVolGetXMLDesc'/>
</word>
@@ -3583,6 +3745,7 @@
<ref name='virConnectDomainEventCallback'/>
</word>
<word name='determine'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainBlockPeek'/>
</word>
<word name='determines'>
@@ -3620,6 +3783,9 @@
<ref name='virDomainCreateXML'/>
<ref name='virStoragePoolCreateXML'/>
</word>
+ <word name='discarded'>
+ <ref name='virSecretSetXML'/>
+ </word>
<word name='discover'>
<ref name='virConnectFindStoragePoolSources'/>
</word>
@@ -3647,6 +3813,7 @@
<ref name='virConnectDomainXMLToNative'/>
<ref name='virConnectFindStoragePoolSources'/>
<ref name='virNodeDeviceGetXMLDesc'/>
+ <ref name='virSecretGetXML'/>
<ref name='virStoragePoolGetXMLDesc'/>
<ref name='virStorageVolGetXMLDesc'/>
</word>
@@ -3691,6 +3858,7 @@
<ref name='virDomainBlockPeek'/>
</word>
<word name='done'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainLookupByID'/>
</word>
<word name='down'>
@@ -3700,6 +3868,7 @@
<word name='driver'>
<ref name='virConnectGetCapabilities'/>
<ref name='virConnectGetURI'/>
+ <ref name='virConnectOpen'/>
<ref name='virDomainBlockPeek'/>
<ref name='virDomainMemoryPeek'/>
<ref name='virDomainMigrate'/>
@@ -3709,6 +3878,8 @@
<ref name='virNodeGetSecurityModel'/>
</word>
<word name='drivers'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
<ref name='virNodeDeviceDettach'/>
</word>
<word name='dummy'>
@@ -3737,6 +3908,7 @@
<letter name='e'>
<word name='each'>
<ref name='virConnectFindStoragePoolSources'/>
+ <ref name='virConnectOpen'/>
<ref name='virConnectRef'/>
<ref name='virDomainBlockStats'/>
<ref name='virDomainInterfaceStats'/>
@@ -3751,6 +3923,10 @@
<ref name='virStoragePoolRef'/>
<ref name='virStorageVolRef'/>
</word>
+ <word name='effect'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
+ </word>
<word name='either'>
<ref name='virNodeGetCellsFreeMemory'/>
<ref name='virStorageVolGetPath'/>
@@ -3788,6 +3964,11 @@
<word name='entries'>
<ref name='virNodeGetCellsFreeMemory'/>
</word>
+ <word name='environment'>
+ <ref name='virConnectOpen'/>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
+ </word>
<word name='errors'>
<ref name='virConnCopyLastError'/>
<ref name='virConnGetLastError'/>
@@ -3897,7 +4078,6 @@
<ref name='virSaveLastError'/>
<ref name='virStoragePoolCreateXML'/>
<ref name='virStoragePoolDefineXML'/>
- <ref name='virStoragePoolUndefine'/>
</word>
<word name='feature'>
<ref name='virDomainMigrate'/>
@@ -4024,65 +4204,6 @@
<ref name='virInterfaceLookupByMACString'/>
<ref name='virStoragePoolGetXMLDesc'/>
</word>
- <word name='found'>
- <ref name='virConnCopyLastError'/>
- <ref name='virConnectListDomains'/>
- <ref name='virConnectListInterfaces'/>
- <ref name='virConnectListNetworks'/>
- <ref name='virConnectNumOfDefinedDomains'/>
- <ref name='virConnectNumOfDefinedNetworks'/>
- <ref name='virConnectNumOfDefinedStoragePools'/>
- <ref name='virConnectNumOfDomains'/>
- <ref name='virConnectNumOfInterfaces'/>
- <ref name='virConnectNumOfNetworks'/>
- <ref name='virConnectNumOfStoragePools'/>
- <ref name='virCopyLastError'/>
- <ref name='virDomainLookupByID'/>
- <ref name='virDomainLookupByName'/>
- <ref name='virDomainLookupByUUID'/>
- <ref name='virDomainLookupByUUIDString'/>
- <ref name='virInterfaceLookupByMACString'/>
- <ref name='virInterfaceLookupByName'/>
- <ref name='virNetworkLookupByName'/>
- <ref name='virNetworkLookupByUUID'/>
- <ref name='virNetworkLookupByUUIDString'/>
- <ref name='virNodeDeviceLookupByName'/>
- <ref name='virNodeListDevices'/>
- <ref name='virStoragePoolLookupByName'/>
- <ref name='virStoragePoolLookupByUUID'/>
- <ref name='virStoragePoolLookupByUUIDString'/>
- <ref name='virStoragePoolLookupByVolume'/>
- <ref name='virStorageVolLookupByKey'/>
- <ref name='virStorageVolLookupByName'/>
- <ref name='virStorageVolLookupByPath'/>
- </word>
- <word name='free'>
- <ref name='_virStoragePoolInfo'/>
- <ref name='virConnCopyLastError'/>
- <ref name='virConnectDomainXMLFromNative'/>
- <ref name='virConnectDomainXMLToNative'/>
- <ref name='virConnectGetCapabilities'/>
- <ref name='virCopyLastError'/>
- <ref name='virDomainDestroy'/>
- <ref name='virDomainGetSchedulerType'/>
- <ref name='virDomainGetXMLDesc'/>
- <ref name='virEventAddHandleFunc'/>
- <ref name='virEventAddTimeoutFunc'/>
- <ref name='virFreeError'/>
- <ref name='virInterfaceDestroy'/>
- <ref name='virInterfaceGetXMLDesc'/>
- <ref name='virInterfaceUndefine'/>
- <ref name='virNetworkDestroy'/>
- <ref name='virNetworkGetBridgeName'/>
- <ref name='virNetworkGetXMLDesc'/>
- <ref name='virNodeGetCellsFreeMemory'/>
- <ref name='virNodeGetFreeMemory'/>
- <ref name='virSaveLastError'/>
- <ref name='virStoragePoolDelete'/>
- <ref name='virStoragePoolDestroy'/>
- <ref name='virStoragePoolFree'/>
- <ref name='virStoragePoolGetInfo'/>
- </word>
<word name='freeMems'>
<ref name='virNodeGetCellsFreeMemory'/>
</word>
@@ -4225,8 +4346,6 @@
<ref name='virNodeDeviceReset'/>
</word>
</letter>
- </chunk>
- <chunk name='chunk6'>
<letter name='h'>
<word name='handle'>
<ref name='virConnectDomainEventRegister'/>
@@ -4269,6 +4388,8 @@
<ref name='virStoragePoolDestroy'/>
</word>
<word name='have'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
<ref name='virConnectRef'/>
<ref name='virDomainBlockPeek'/>
<ref name='virDomainBlockStats'/>
@@ -4297,7 +4418,9 @@
</word>
<word name='host'>
<ref name='VIR_NODEINFO_MAXCPUS'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListInterfaces'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfInterfaces'/>
<ref name='virDomainCoreDump'/>
<ref name='virDomainCreateXML'/>
@@ -4343,6 +4466,8 @@
<ref name='virDomainMigrate'/>
</word>
</letter>
+ </chunk>
+ <chunk name='chunk6'>
<letter name='i'>
<word name='iSCSI'>
<ref name='virConnectFindStoragePoolSources'/>
@@ -4350,6 +4475,9 @@
<word name='identical'>
<ref name='virDomainCreateLinux'/>
</word>
+ <word name='ids'>
+ <ref name='virSecretListSecrets'/>
+ </word>
<word name='ie:'>
<ref name='cpumap'/>
<ref name='virDomainGetVcpus'/>
@@ -4386,9 +4514,11 @@
</word>
<word name='inactive'>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectNumOfDefinedDomains'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfDefinedNetworks'/>
<ref name='virConnectNumOfDefinedStoragePools'/>
<ref name='virDomainGetMaxVcpus'/>
@@ -4397,6 +4527,9 @@
<ref name='virStoragePoolDefineXML'/>
<ref name='virStoragePoolUndefine'/>
</word>
+ <word name='including'>
+ <ref name='virSecretDelete'/>
+ </word>
<word name='increased'>
<ref name='virDomainGetConnect'/>
<ref name='virInterfaceGetConnect'/>
@@ -4496,7 +4629,9 @@
<ref name='virConnectClose'/>
</word>
<word name='interfaces'>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListInterfaces'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfInterfaces'/>
<ref name='virDomainInterfaceStats'/>
</word>
@@ -4526,6 +4661,9 @@
<ref name='virNodeDeviceReAttach'/>
<ref name='virStoragePoolRefresh'/>
</word>
+ <word name='involves'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='isn'>
<ref name='virDomainGetVcpus'/>
</word>
@@ -4564,8 +4702,6 @@
<ref name='virStoragePoolDelete'/>
</word>
</letter>
- </chunk>
- <chunk name='chunk7'>
<letter name='j'>
<word name='join'>
<ref name='virNetworkGetBridgeName'/>
@@ -4647,6 +4783,9 @@
<word name='launch'>
<ref name='virDomainCreate'/>
</word>
+ <word name='launched'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='layer'>
<ref name='virStoragePoolRefresh'/>
</word>
@@ -4708,6 +4847,9 @@
<ref name='virStoragePoolGetConnect'/>
<ref name='virStorageVolGetConnect'/>
</word>
+ <word name='libvirtd'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='lie'>
<ref name='virDomainBlockPeek'/>
</word>
@@ -4735,6 +4877,7 @@
<word name='list'>
<ref name='virConnectFindStoragePoolSources'/>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListDomains'/>
@@ -4818,6 +4961,8 @@
<ref name='virDomainPinVcpu'/>
</word>
</letter>
+ </chunk>
+ <chunk name='chunk7'>
<letter name='m'>
<word name='machine'>
<ref name='virDomainGetAutostart'/>
@@ -5042,16 +5187,18 @@
<ref name='virNetworkGetBridgeName'/>
<ref name='virNetworkGetXMLDesc'/>
<ref name='virNodeGetCellsFreeMemory'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
</word>
<word name='mysterious'>
<ref name='_virDomainBlockStats'/>
</word>
</letter>
- </chunk>
- <chunk name='chunk8'>
<letter name='n'>
<word name='names'>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDefinedStoragePools'/>
<ref name='virConnectListInterfaces'/>
@@ -5059,6 +5206,7 @@
<ref name='virConnectListStoragePools'/>
<ref name='virNodeDeviceListCaps'/>
<ref name='virNodeListDevices'/>
+ <ref name='virSecretListSecrets'/>
<ref name='virStoragePoolListVolumes'/>
</word>
<word name='naming'>
@@ -5146,6 +5294,10 @@
<word name='note'>
<ref name='_virError'/>
</word>
+ <word name='notes'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
+ </word>
<word name='notified'>
<ref name='virEventRemoveHandleFunc'/>
<ref name='virEventUpdateHandleFunc'/>
@@ -5166,6 +5318,8 @@
<ref name='virInterfaceLookupByMACString'/>
</word>
</letter>
+ </chunk>
+ <chunk name='chunk8'>
<letter name='o'>
<word name='objects'>
<ref name='virDomainSetSchedulerParameters'/>
@@ -5210,6 +5364,7 @@
<word name='one'>
<ref name='_virDomainInfo'/>
<ref name='maplen'/>
+ <ref name='virConnectOpen'/>
<ref name='virDomainAttachDevice'/>
<ref name='virDomainBlockStats'/>
<ref name='virDomainCreateXML'/>
@@ -5248,6 +5403,13 @@
<ref name='virStoragePoolRef'/>
<ref name='virStorageVolRef'/>
</word>
+ <word name='opening'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
+ </word>
+ <word name='opens'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='operating'>
<ref name='virNodeDeviceDestroy'/>
</word>
@@ -5435,7 +5597,9 @@
<word name='physical'>
<ref name='VIR_CPU_MAPLEN'/>
<ref name='cpu'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListInterfaces'/>
+ <ref name='virConnectNumOfDefinedInterfaces'/>
<ref name='virConnectNumOfInterfaces'/>
<ref name='virDomainGetMaxMemory'/>
<ref name='virDomainSetMaxMemory'/>
@@ -5448,6 +5612,7 @@
<ref name='virConnectListDefinedDomains'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virDomainMemoryPeek'/>
+ <ref name='virSecretListSecrets'/>
</word>
<word name='pools'>
<ref name='virConnectFindStoragePoolSources'/>
@@ -5477,6 +5642,12 @@
<ref name='virInterfaceDefineXML'/>
<ref name='virNetworkDefineXML'/>
</word>
+ <word name='preference'>
+ <ref name='virConnectOpen'/>
+ </word>
+ <word name='prevented'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='previous'>
<ref name='virDomainDefineXML'/>
</word>
@@ -5484,6 +5655,11 @@
<ref name='cpumap'/>
<ref name='virNodeDeviceReAttach'/>
<ref name='virNodeDeviceReset'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
+ </word>
+ <word name='printable'>
+ <ref name='virSecretAllocateID'/>
</word>
<word name='printing'>
<ref name='virSetErrorFunc'/>
@@ -5501,6 +5677,9 @@
<ref name='virNetworkDestroy'/>
<ref name='virNodeDeviceDestroy'/>
</word>
+ <word name='probing'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='problem'>
<ref name='virDomainSave'/>
</word>
@@ -5529,6 +5708,7 @@
<ref name='virConnectListDefinedNetworks'/>
<ref name='virErrorFunc'/>
<ref name='virEventAddHandleFunc'/>
+ <ref name='virSecretListSecrets'/>
<ref name='virSetErrorFunc'/>
</word>
<word name='provides'>
@@ -5755,6 +5935,7 @@
<ref name='virStorageVolRef'/>
</word>
<word name='requires'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainCreateXML'/>
<ref name='virDomainPinVcpu'/>
<ref name='virDomainResume'/>
@@ -5880,6 +6061,7 @@
<ref name='virConnectClose'/>
<ref name='virConnectGetHostname'/>
<ref name='virConnectGetVersion'/>
+ <ref name='virConnectOpen'/>
<ref name='virDomainCreate'/>
<ref name='virDomainDestroy'/>
<ref name='virDomainFree'/>
@@ -5943,6 +6125,22 @@
<ref name='virDomainMigrate'/>
<ref name='virStorageVolGetName'/>
</word>
+ <word name='secret'>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
+ </word>
+ <word name='secret_id'>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
+ </word>
<word name='security'>
<ref name='virDomainGetSecurityLabel'/>
<ref name='virNodeGetSecurityModel'/>
@@ -5974,6 +6172,7 @@
<word name='set'>
<ref name='VIR_USE_CPU'/>
<ref name='virConnectFindStoragePoolSources'/>
+ <ref name='virConnectOpen'/>
<ref name='virConnectOpenReadOnly'/>
<ref name='virDomainGetInfo'/>
<ref name='virDomainGetXMLDesc'/>
@@ -5990,6 +6189,7 @@
<ref name='virEventAddHandleFunc'/>
</word>
<word name='setting'>
+ <ref name='virConnectOpen'/>
<ref name='virStoragePoolSetAutostart'/>
</word>
<word name='shall'>
@@ -6091,6 +6291,7 @@
<ref name='virDomainMigrate'/>
<ref name='virNodeListDevices'/>
<ref name='virNodeNumOfDevices'/>
+ <ref name='virSecretSetXML'/>
</word>
<word name='specify'>
<ref name='virDomainMigrate'/>
@@ -6170,6 +6371,7 @@
<word name='store'>
<ref name='VIR_CPU_MAPLEN'/>
<ref name='virConnectListDefinedDomains'/>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDefinedNetworks'/>
<ref name='virConnectListDomains'/>
<ref name='virConnectListInterfaces'/>
@@ -6180,6 +6382,7 @@
<ref name='virInterfaceGetConnect'/>
<ref name='virNetworkGetConnect'/>
<ref name='virNodeListDevices'/>
+ <ref name='virSecretListSecrets'/>
<ref name='virStoragePoolGetAutostart'/>
<ref name='virStoragePoolGetConnect'/>
<ref name='virStoragePoolGetInfo'/>
@@ -6193,6 +6396,9 @@
<ref name='virConnectListDefinedDomains'/>
<ref name='virConnectListDefinedNetworks'/>
</word>
+ <word name='storing'>
+ <ref name='virSecretGetValue'/>
+ </word>
<word name='structure'>
<ref name='virDomainBlockStats'/>
<ref name='virDomainFree'/>
@@ -6218,6 +6424,9 @@
<ref name='virDomainSave'/>
<ref name='virNodeDeviceCreateXML'/>
</word>
+ <word name='successfully'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='such'>
<ref name='virConnCopyLastError'/>
<ref name='virConnGetLastError'/>
@@ -6230,6 +6439,7 @@
<ref name='virDomainBlockPeek'/>
</word>
<word name='suitable'>
+ <ref name='virConnectOpen'/>
<ref name='virDomainMigrate'/>
<ref name='virStoragePoolGetXMLDesc'/>
</word>
@@ -6318,6 +6528,7 @@
<ref name='virDomainSetSchedulerParameters'/>
</word>
<word name='their'>
+ <ref name='virConnectListDefinedInterfaces'/>
<ref name='virConnectListDomains'/>
<ref name='virConnectListInterfaces'/>
<ref name='virConnectListNetworks'/>
@@ -6329,6 +6540,7 @@
<ref name='virConnGetLastError'/>
<ref name='virConnectGetHostname'/>
<ref name='virConnectGetURI'/>
+ <ref name='virConnectOpen'/>
<ref name='virConnectOpenReadOnly'/>
<ref name='virDomainGetMaxMemory'/>
<ref name='virDomainGetVcpus'/>
@@ -6449,6 +6661,12 @@
<ref name='virDomainBlockPeek'/>
<ref name='virDomainMigrate'/>
</word>
+ <word name='trying'>
+ <ref name='virConnectOpen'/>
+ </word>
+ <word name='turn'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='two'>
<ref name='virDomainMigrate'/>
<ref name='virGetVersion'/>
@@ -6524,6 +6742,9 @@
<word name='unknown'>
<ref name='virGetVersion'/>
</word>
+ <word name='unprivileged'>
+ <ref name='virConnectOpen'/>
+ </word>
<word name='unregistered'>
<ref name='virEventAddHandleFunc'/>
<ref name='virEventAddTimeoutFunc'/>
@@ -6536,6 +6757,7 @@
<ref name='virNodeGetCellsFreeMemory'/>
</word>
<word name='until'>
+ <ref name='virConnectOpen'/>
<ref name='virConnectRef'/>
<ref name='virDomainDefineXML'/>
<ref name='virDomainRef'/>
@@ -6672,34 +6894,18 @@
<word name='valid'>
<ref name='virConnectDomainEventRegister'/>
</word>
- <word name='value'>
- <ref name='VIR_CPU_USABLE'/>
- <ref name='VIR_SECURITY_LABEL_BUFLEN'/>
- <ref name='_virVcpuInfo'/>
- <ref name='virConnectDomainXMLFromNative'/>
- <ref name='virConnectDomainXMLToNative'/>
- <ref name='virConnectGetMaxVcpus'/>
- <ref name='virConnectGetVersion'/>
- <ref name='virDomainGetAutostart'/>
- <ref name='virDomainGetSchedulerParameters'/>
- <ref name='virDomainGetSchedulerType'/>
- <ref name='virDomainGetXMLDesc'/>
- <ref name='virDomainSetSchedulerParameters'/>
- <ref name='virEventAddTimeoutFunc'/>
- <ref name='virEventUpdateTimeoutFunc'/>
- <ref name='virGetVersion'/>
- <ref name='virInterfaceGetXMLDesc'/>
- <ref name='virNetworkGetAutostart'/>
- <ref name='virNetworkGetBridgeName'/>
- <ref name='virNetworkGetXMLDesc'/>
- <ref name='virNodeGetFreeMemory'/>
- <ref name='virStoragePoolGetAutostart'/>
- </word>
<word name='values'>
<ref name='_virConnectAuth'/>
<ref name='virDomainGetSchedulerParameters'/>
<ref name='virGetVersion'/>
</word>
+ <word name='variable'>
+ <ref name='virConnectOpen'/>
+ </word>
+ <word name='variables'>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
+ </word>
<word name='vcpu'>
<ref name='VIR_COPY_CPUMAP'/>
<ref name='VIR_CPU_USABLE'/>
@@ -6719,6 +6925,14 @@
</word>
<word name='virConnect'>
<ref name='virConnectDomainEventCallback'/>
+ <ref name='virSecretAllocateID'/>
+ <ref name='virSecretDelete'/>
+ <ref name='virSecretGetValue'/>
+ <ref name='virSecretGetXML'/>
+ <ref name='virSecretListSecrets'/>
+ <ref name='virSecretNumOfSecrets'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
</word>
<word name='virConnectClose'>
<ref name='virConnectRef'/>
@@ -6735,6 +6949,8 @@
</word>
<word name='virConnectOpen'>
<ref name='virConnectGetURI'/>
+ <ref name='virConnectOpenAuth'/>
+ <ref name='virConnectOpenReadOnly'/>
</word>
<word name='virConnectOpenReadOnly'>
<ref name='virConnectGetURI'/>
@@ -6908,7 +7124,6 @@
<ref name='virStoragePoolLookupByUUID'/>
<ref name='virStoragePoolLookupByUUIDString'/>
<ref name='virStoragePoolLookupByVolume'/>
- <ref name='virStoragePoolUndefine'/>
</word>
<word name='virStoragePoolState'>
<ref name='_virStoragePoolInfo'/>
@@ -6983,6 +7198,8 @@
<ref name='virEventRemoveTimeoutFunc'/>
<ref name='virGetVersion'/>
<ref name='virNodeDeviceFree'/>
+ <ref name='virSecretSetValue'/>
+ <ref name='virSecretSetXML'/>
<ref name='virStoragePoolRefresh'/>
</word>
<word name='watch'>
@@ -7054,6 +7271,7 @@
</word>
<word name='without'>
<ref name='virDomainSuspend'/>
+ <ref name='virSecretAllocateID'/>
</word>
<word name='won'>
<ref name='virDomainBlockPeek'/>
@@ -7107,6 +7325,7 @@
</word>
<word name='xml'>
<ref name='virConnectFindStoragePoolSources'/>
+ <ref name='virSecretSetXML'/>
</word>
<word name='xvda'>
<ref name='virDomainBlockStats'/>
@@ -7143,14 +7362,14 @@
</chunk>
<chunks>
<chunk name='chunk0' start='A' end='I'/>
- <chunk name='chunk1' start='J' end='W'/>
- <chunk name='chunk2' start='X' end='a'/>
+ <chunk name='chunk1' start='J' end='V'/>
+ <chunk name='chunk2' start='W' end='a'/>
<chunk name='chunk3' start='b' end='c'/>
<chunk name='chunk4' start='d' end='e'/>
- <chunk name='chunk5' start='f' end='g'/>
- <chunk name='chunk6' start='h' end='i'/>
- <chunk name='chunk7' start='j' end='m'/>
- <chunk name='chunk8' start='n' end='p'/>
+ <chunk name='chunk5' start='f' end='h'/>
+ <chunk name='chunk6' start='i' end='l'/>
+ <chunk name='chunk7' start='m' end='n'/>
+ <chunk name='chunk8' start='o' end='p'/>
<chunk name='chunk9' start='q' end='r'/>
<chunk name='chunk10' start='s' end='s'/>
<chunk name='chunk11' start='t' end='u'/>
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 10/20] Secret manipulation step 10: Add Python API
Sample session:
>> import libvirt
>> c = libvirt.open('qemu:///session')
>> c.virSecretListSecrets()
['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']
>> c.virSecretAllocateID()
'17427ed8-4040-b6c8-10ba-9cce86dc3d8f'
>>
c.virSecretDelete('17427ed8-4040-b6c8-10ba-9cce86dc3d8f')
0
>> c.virSecretSetXML('abc', "<secret
ephemeral='no' private='yes'>\n<description>Something for
use</description>\n<volume>/foo/bar</volume>\n</secret>\n")
0
>> c.virSecretGetXML('abc')
"<secret
ephemeral='no' private='yes'>\n <description>Something for
use</description>\n <volume>/foo/bar</volume>\n</secret>\n"
>> c.virSecretSetValue('reee', 'abc\0xx\xffx')
0
>> c.virSecretGetValue('reee')
'abc\x00xx\xffx'
---
python/generator.py | 6 +++
python/libvir.c | 98 +++++++++++++++++++++++++++++++++++++++++
python/libvirt-python-api.xml | 18 ++++++++
3 files changed, 122 insertions(+), 0 deletions(-)
diff --git a/python/generator.py b/python/generator.py
index feff7a3..49b7f68 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -332,6 +332,9 @@ skip_impl = (
'virEventRegisterImpl',
'virNodeListDevices',
'virNodeDeviceListCaps',
+ 'virSecretGetValue',
+ 'virSecretListSecrets',
+ 'virSecretSetValue',
)
@@ -729,6 +732,9 @@ def nameFixup(name, classe, type, file):
elif name[0:19] == "virStorageVolLookup":
func = name[3:]
func = string.lower(func[0:1]) + func[1:]
+ elif name[0:9] == 'virSecret':
+ func = name[3:]
+ func = string.lower(func[0:1]) + func[1:]
elif name[0:12] == "virDomainGet":
func = name[12:]
func = string.lower(func[0:1]) + func[1:]
diff --git a/python/libvir.c b/python/libvir.c
index e210597..b91a801 100644
--- a/python/libvir.c
+++ b/python/libvir.c
@@ -1562,6 +1562,101 @@ libvirt_virNodeDeviceListCaps(PyObject *self ATTRIBUTE_UNUSED,
return(py_retval);
}
+static PyObject *
+libvirt_virSecretGetValue(PyObject *self ATTRIBUTE_UNUSED,
+ PyObject *args) {
+ PyObject *py_retval;
+ void *c_retval;
+ size_t size;
+ virConnectPtr conn;
+ const char *secret_id;
+ PyObject *pyobj_conn;
+
+ if (!PyArg_ParseTuple(args, (char *)"Oz:virSecreteGetValue",
&pyobj_conn,
+ &secret_id))
+ return NULL;
+ conn = (virConnectPtr) PyvirConnect_Get(pyobj_conn);
+
+ LIBVIRT_BEGIN_ALLOW_THREADS;
+ c_retval = virSecretGetValue(conn, secret_id, &size);
+ LIBVIRT_END_ALLOW_THREADS;
+
+ if (c_retval == NULL)
+ return VIR_PY_NONE;
+
+ py_retval = PyString_FromStringAndSize(c_retval, size);
+ memset(c_retval, 0, size);
+ free(c_retval);
+
+ return py_retval;
+}
+
+static PyObject *
+libvirt_virSecretListSecrets(PyObject *self ATTRIBUTE_UNUSED,
+ PyObject *args) {
+ PyObject *py_retval;
+ char **ids = NULL;
+ virConnectPtr conn;
+ int c_retval, i;
+ PyObject *pyobj_conn;
+
+ if (!PyArg_ParseTuple(args, (char *)"O:virSecretListSecrets",
&pyobj_conn))
+ return NULL;
+ conn = (virConnectPtr) PyvirConnect_Get(pyobj_conn);
+
+ LIBVIRT_BEGIN_ALLOW_THREADS;
+ c_retval = virSecretNumOfSecrets(conn);
+ LIBVIRT_END_ALLOW_THREADS;
+ if (c_retval < 0)
+ return VIR_PY_NONE;
+
+ if (c_retval) {
+ ids = malloc(sizeof(*ids) * c_retval);
+ if (!ids)
+ return VIR_PY_NONE;
+ LIBVIRT_BEGIN_ALLOW_THREADS;
+ c_retval = virSecretListSecrets(conn, ids, c_retval);
+ LIBVIRT_END_ALLOW_THREADS;
+ if (c_retval < 0) {
+ free(ids);
+ return VIR_PY_NONE;
+ }
+ }
+ py_retval = PyList_New(c_retval);
+
+ if (ids) {
+ for (i = 0;i < c_retval;i++) {
+ PyList_SetItem(py_retval, i, libvirt_constcharPtrWrap(ids[i]));
+ free(ids[i]);
+ }
+ free(ids);
+ }
+
+ return py_retval;
+}
+
+static PyObject *
+libvirt_virSecretSetValue(PyObject *self ATTRIBUTE_UNUSED,
+ PyObject *args) {
+ PyObject *py_retval;
+ int c_retval;
+ virConnectPtr conn;
+ PyObject *pyobj_conn;
+ const char *secret_id, *secret;
+ int size;
+
+ if (!PyArg_ParseTuple(args, (char *)"Ozz#:virSecretSetValue",
&pyobj_conn,
+ &secret_id, &secret, &size))
+ return(NULL);
+ conn = (virConnectPtr) PyvirConnect_Get(pyobj_conn);
+
+ LIBVIRT_BEGIN_ALLOW_THREADS;
+ c_retval = virSecretSetValue(conn, secret_id, secret, size);
+ LIBVIRT_END_ALLOW_THREADS;
+
+ py_retval = libvirt_intWrap(c_retval);
+ return(py_retval);
+}
/*******************************************
* Helper functions to avoid importing modules
@@ -2261,6 +2356,9 @@ static PyMethodDef libvirtMethods[] = {
{(char *) "virEventInvokeTimeoutCallback",
libvirt_virEventInvokeTimeoutCallback, METH_VARARGS, NULL},
{(char *) "virNodeListDevices", libvirt_virNodeListDevices, METH_VARARGS,
NULL},
{(char *) "virNodeDeviceListCaps", libvirt_virNodeDeviceListCaps,
METH_VARARGS, NULL},
+ {(char *) "virSecretGetValue", libvirt_virSecretGetValue, METH_VARARGS,
NULL},
+ {(char *) "virSecretListSecrets", libvirt_virSecretListSecrets,
METH_VARARGS, NULL},
+ {(char *) "virSecretSetValue", libvirt_virSecretSetValue, METH_VARARGS,
NULL},
{NULL, NULL, 0, NULL}
};
diff --git a/python/libvirt-python-api.xml b/python/libvirt-python-api.xml
index 43a5b4e..c1d6546 100644
--- a/python/libvirt-python-api.xml
+++ b/python/libvirt-python-api.xml
@@ -172,5 +172,23 @@
<arg name='dev' type='virNodeDevicePtr' info='pointer to the
node device'/>
<return type='str *' info='the list of Names or None in case of
error'/>
</function>
+ <function name='virSecretGetValue' file='libvirt'
module='libvirt'>
+ <info>Fetches the secret value associated with secret_id.</info>
+ <return type='char *' info='the secret value or None in case of
error'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ </function>
+ <function name='virSecretListSecrets' file='libvirt'
module='libvirt'>
+ <info>List the defined secret IDs</info>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <return type='str *' info='the list of secret IDs or None in case of
error'/>
+ </function>
+ <function name='virSecretSetValue' file='libvirt'
module='libvirt'>
+ <info>Associates a secret value with secret_id. Allocates secret_id if it
was not previously allocated.</info>
+ <return type='int' info='0 on success, -1 on failure.'/>
+ <arg name='conn' type='virConnectPtr' info='virConnect
connection'/>
+ <arg name='secret_id' type='const char *' info='A secret
ID'/>
+ <arg name='secret' type='const char *' info='The
secret'/>
+ </function>
</symbols>
</api>
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 11/20] Add volume encryption information handling.
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
Changes since the first submission;
- Use <secret type='passphrase' secret_id='...'>
instead of <passphrase> with in-line passphrase.
- Use a generic "sequence of secrets" representation.
- Output the <secret> elements unconditionally (they don't reveal the
secrets any more).
- Add format "default", to be used during volume creation only.
- Use "%s", _("...") for all error messages without parameters.
- Add a schema for <encryption>.
- Document <encryption>.
---
bootstrap | 1 +
docs/format.html | 4 +
docs/formatcaps.html | 4 +
docs/formatdomain.html | 4 +
docs/formatnetwork.html | 4 +
docs/formatnode.html | 4 +
docs/formatsecret.html | 4 +
docs/formatstorage.html | 4 +
docs/formatstorageencryption.html | 218 ++++++++++++++++++++++++++++++
docs/formatstorageencryption.html.in | 70 ++++++++++
docs/schemas/Makefile.am | 1 +
docs/schemas/storageencryption.rng | 37 +++++
docs/sitemap.html | 3 +
docs/sitemap.html.in | 4 +
po/POTFILES.in | 1 +
src/Makefile.am | 1 +
src/libvirt_private.syms | 5 +
src/storage_encryption.c | 241 ++++++++++++++++++++++++++++++++++
src/storage_encryption.h | 72 ++++++++++
19 files changed, 682 insertions(+), 0 deletions(-)
create mode 100644 docs/formatstorageencryption.html
create mode 100644 docs/formatstorageencryption.html.in
create mode 100644 docs/schemas/storageencryption.rng
create mode 100644 src/storage_encryption.c
create mode 100644 src/storage_encryption.h
diff --git a/bootstrap b/bootstrap
index 8b81e0e..885b299 100755
--- a/bootstrap
+++ b/bootstrap
@@ -65,6 +65,7 @@ gnulib_tool=$GNULIB_SRCDIR/gnulib-tool
<$gnulib_tool || exit
modules='
+base64
c-ctype
close
connect
diff --git a/docs/format.html b/docs/format.html
index 8aed8d3..dbdc1e7 100644
--- a/docs/format.html
+++ b/docs/format.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatcaps.html b/docs/formatcaps.html
index 8e2e5d1..cb8130b 100644
--- a/docs/formatcaps.html
+++ b/docs/formatcaps.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<span class="active">Capabilities</span>
</div>
</li><li>
diff --git a/docs/formatdomain.html b/docs/formatdomain.html
index bbce989..f2d7855 100644
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatnetwork.html b/docs/formatnetwork.html
index 6049492..87f15f7 100644
--- a/docs/formatnetwork.html
+++ b/docs/formatnetwork.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatnode.html b/docs/formatnode.html
index cca75ff..ea9c95a 100644
--- a/docs/formatnode.html
+++ b/docs/formatnode.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatsecret.html b/docs/formatsecret.html
index 8c6e0c6..53307a3 100644
--- a/docs/formatsecret.html
+++ b/docs/formatsecret.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatstorage.html b/docs/formatstorage.html
index e21e3d2..19936ae 100644
--- a/docs/formatstorage.html
+++ b/docs/formatstorage.html
@@ -64,6 +64,10 @@
</div>
</li><li>
<div>
+ <a title="Storage volume encryption XML format"
class="inactive" href="formatstorageencryption.html">Storage
Encryption</a>
+ </div>
+ </li><li>
+ <div>
<a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
diff --git a/docs/formatstorageencryption.html b/docs/formatstorageencryption.html
new file mode 100644
index 0000000..dd7add2
--- /dev/null
+++ b/docs/formatstorageencryption.html
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<!--
+ This file is autogenerated from formatstorageencryption.html.in
+ Do not edit this file. Changes will be lost.
+ -->
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1" />
+ <link rel="stylesheet" type="text/css"
href="main.css" />
+ <link rel="SHORTCUT ICON" href="32favicon.png" />
+ <title>libvirt: Storage volume encryption XML format</title>
+ <meta name="description" content="libvirt, virtualization,
virtualization API" />
+ </head>
+ <body>
+ <div id="header">
+ <div id="headerLogo"></div>
+ <div id="headerSearch">
+ <form action="search.php"
enctype="application/x-www-form-urlencoded"
method="get"><div>
+ <input id="query" name="query" type="text"
size="12" value="" />
+ <input id="submit" name="submit"
type="submit" value="Search" />
+ </div></form>
+ </div>
+ </div>
+ <div id="body">
+ <div id="menu">
+ <ul class="l0"><li>
+ <div>
+ <a title="Front page of the libvirt website"
class="inactive" href="index.html">Home</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Details of new features and bugs fixed in each
release" class="inactive" href="news.html">News</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Get the latest source releases, binary builds and get
access to the source repository" class="inactive"
href="downloads.html">Downloads</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Information for users, administrators and
developers" class="active"
href="docs.html">Documentation</a>
+ <ul class="l1"><li>
+ <div>
+ <a title="Information about deploying and using libvirt"
class="inactive" href="deployment.html">Deployment</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Overview of the logical subsystems in the libvirt
API" class="inactive"
href="intro.html">Architecture</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Description of the XML formats used in
libvirt" class="active" href="format.html">XML
format</a>
+ <ul class="l2"><li>
+ <div>
+ <a title="The domain XML format"
class="inactive" href="formatdomain.html">Domains</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The virtual network XML format"
class="inactive" href="formatnetwork.html">Networks</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The storage pool and volume XML format"
class="inactive" href="formatstorage.html">Storage</a>
+ </div>
+ </li><li>
+ <div>
+ <span class="active">Storage
Encryption</span>
+ </div>
+ </li><li>
+ <div>
+ <a title="The driver capabilities XML format"
class="inactive" href="formatcaps.html">Capabilities</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The host device XML format"
class="inactive" href="formatnode.html">Node Devices</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="The secret attribute XML format"
class="inactive" href="formatsecret.html">Secrets</a>
+ </div>
+ </li></ul>
+ </div>
+ </li><li>
+ <div>
+ <a title="Hypervisor specific driver information"
class="inactive" href="drivers.html">Drivers</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Reference manual for the C public API"
class="inactive" href="html/index.html">API reference</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Bindings of the libvirt API for other
languages" class="inactive" href="bindings.html">Language
bindings</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Working on the internals of libvirt API, driver and
daemon code" class="inactive"
href="internals.html">Internals</a>
+ </div>
+ </li></ul>
+ </div>
+ </li><li>
+ <div>
+ <a title="User contributed content" class="inactive"
href="http://wiki.libvirt.org">Wiki</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Frequently asked questions"
class="inactive" href="FAQ.html">FAQ</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="How and where to report bugs and request features"
class="inactive" href="bugs.html">Bug reports</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="How to contact the developers via email and IRC"
class="inactive" href="contact.html">Contact</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Miscellaneous links of interest related to libvirt"
class="inactive" href="relatedlinks.html">Related Links</a>
+ </div>
+ </li><li>
+ <div>
+ <a title="Overview of all content on the website"
class="inactive" href="sitemap.html">Sitemap</a>
+ </div>
+ </li></ul>
+ </div>
+ <div id="content">
+ <h1>Storage volume encryption XML format</h1>
+ <ul><li>
+ <a href="#StorageEncryption">Storage volume encryption
XML</a>
+ <ul><li>
+ <a
href="#StorageEncryptionUnencrypted">"unencrypted"
format</a>
+ </li><li>
+ <a href="#StorageEncryptionDefault">"default"
format</a>
+ </li><li>
+ <a href="#StorageEncryptionQcow">"qcow"
format</a>
+ </li></ul>
+ </li><li>
+ <a href="#example">Example</a>
+ </li></ul>
+ <h2>
+ <a name="StorageEncryption"
id="StorageEncryption">Storage volume encryption XML</a>
+ </h2>
+ <p>
+ Storage volumes may be encrypted, the XML snippet described below is used
+ to represent the details of the encryption. It can be used as a part
+ of a domain or storage configuration.
+ </p>
+ <p>
+ The top-level tag of volume encryption specification
+ is <code>encryption</code>, with a mandatory
+ attribute <code>format</code>. Currently defined values
+ of <code>format</code> are <code>unencrypted</code>,
<code>default</code>
+ and <code>qcow</code>. Each value of <code>format</code>
implies some
+ expectations about the content of the <code>encryption</code> tag.
Other
+ format values may be defined in the future.
+ </p>
+ <p>
+ The <code>encryption</code> tag can currently contain a sequence of
+ <code>secret</code> tags, each with mandatory attributes
<code>type</code>
+ and <code>secret_id</code>. The only currently defined value of
+ <code>type</code> is <code>passphrase</code>.
<code>secret_id</code>
+ refers to a secret known to libvirt. libvirt can use a secret value
+ previously set using <code>virSecretSetValue()</code>, or, if
supported
+ by the particular volume format and driver, automatically generate a
+ secret value at the time of volume creation, and store it using the
+ specified <code>secret_id</code>.
+ </p>
+ <p>
+ </p>
+ <h3>
+ <a name="StorageEncryptionUnencrypted"
id="StorageEncryptionUnencrypted">"unencrypted" format</a>
+ </h3>
+ <p>
+ Specifying an <code><encryption
type="unencrypted"/></code> is
+ equivalent to omitting the <code>encryption</code> tag altogether.
+ </p>
+ <h3>
+ <a name="StorageEncryptionDefault"
id="StorageEncryptionDefault">"default" format</a>
+ </h3>
+ <p>
+ <code><encryption type="default"/></code> can
be specified only
+ when creating a volume. If the volume is successfully created, the
+ encryption formats, parameters and secrets will be auto-generated by
+ libvirt and the attached <code>encryption</code> tag will be updated.
+ The unmodified contents of the <code>encryption</code> tag can be used
+ in later operations with the volume, or when setting up a domain that
+ uses the volume.
+ </p>
+ <h3>
+ <a name="StorageEncryptionQcow"
id="StorageEncryptionQcow">"qcow" format</a>
+ </h3>
+ <p>
+ The <code>qcow</code> format specifies that the built-in encryption
+ support in <code>qcow</code>- or
<code>qcow2</code>-formatted volume
+ images should be used. A single
+ <code><secret type='passphrase'></code> element
is expected. If
+ the <code>secret</code> element is not present during volume creation,
+ a secret is automatically generated and attached to the volume.
+ </p>
+ <h2>
+ <a name="example" id="example">Example</a>
+ </h2>
+ <p>
+ Here is a simple example, specifying use of the <code>qcow</code>
format:
+ </p>
+ <pre>
+ <encryption format='qcow'>
+ <secret type='passphrase'
secret_id='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
+ </encryption></pre>
+ </div>
+ </div>
+ <div id="footer">
+ <p id="sponsor">
+ Sponsored by:<br /><a href="http://et.redhat.com/"><img
src="et.png" alt="Project sponsored by Red Hat Emerging Technology"
/></a></p>
+ </div>
+ </body>
+</html>
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
new file mode 100644
index 0000000..739b018
--- /dev/null
+++ b/docs/formatstorageencryption.html.in
@@ -0,0 +1,70 @@
+<html>
+ <body>
+ <h1>Storage volume encryption XML format</h1>
+
+ <ul id="toc"></ul>
+
+ <h2><a name="StorageEncryption">Storage volume encryption
XML</a></h2>
+
+ <p>
+ Storage volumes may be encrypted, the XML snippet described below is used
+ to represent the details of the encryption. It can be used as a part
+ of a domain or storage configuration.
+ </p>
+ <p>
+ The top-level tag of volume encryption specification
+ is <code>encryption</code>, with a mandatory
+ attribute <code>format</code>. Currently defined values
+ of <code>format</code> are <code>unencrypted</code>,
<code>default</code>
+ and <code>qcow</code>. Each value of <code>format</code>
implies some
+ expectations about the content of the <code>encryption</code> tag.
Other
+ format values may be defined in the future.
+ </p>
+ <p>
+ The <code>encryption</code> tag can currently contain a sequence of
+ <code>secret</code> tags, each with mandatory attributes
<code>type</code>
+ and <code>secret_id</code>. The only currently defined value of
+ <code>type</code> is <code>passphrase</code>.
<code>secret_id</code>
+ refers to a secret known to libvirt. libvirt can use a secret value
+ previously set using <code>virSecretSetValue()</code>, or, if
supported
+ by the particular volume format and driver, automatically generate a
+ secret value at the time of volume creation, and store it using the
+ specified <code>secret_id</code>.
+ <p>
+ <h3><a
name="StorageEncryptionUnencrypted">"unencrypted"
format</a></h3>
+ <p>
+ Specifying an <code><encryption
type="unencrypted"/></code> is
+ equivalent to omitting the <code>encryption</code> tag altogether.
+ </p>
+ <h3><a name="StorageEncryptionDefault">"default"
format</a></h3>
+ <p>
+ <code><encryption type="default"/></code> can
be specified only
+ when creating a volume. If the volume is successfully created, the
+ encryption formats, parameters and secrets will be auto-generated by
+ libvirt and the attached <code>encryption</code> tag will be updated.
+ The unmodified contents of the <code>encryption</code> tag can be used
+ in later operations with the volume, or when setting up a domain that
+ uses the volume.
+ </p>
+ <h3><a name="StorageEncryptionQcow">"qcow"
format</a></h3>
+ <p>
+ The <code>qcow</code> format specifies that the built-in encryption
+ support in <code>qcow</code>- or
<code>qcow2</code>-formatted volume
+ images should be used. A single
+ <code><secret type='passphrase'></code> element
is expected. If
+ the <code>secret</code> element is not present during volume creation,
+ a secret is automatically generated and attached to the volume.
+ </p>
+
+ <h2><a name="example">Example</a></h2>
+
+ <p>
+ Here is a simple example, specifying use of the <code>qcow</code>
format:
+ </p>
+
+ <pre>
+ <encryption format='qcow'>
+ <secret type='passphrase'
secret_id='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
+ </encryption></pre>
+ </body>
+</html>
diff --git a/docs/schemas/Makefile.am b/docs/schemas/Makefile.am
index a064518..c217d69 100644
--- a/docs/schemas/Makefile.am
+++ b/docs/schemas/Makefile.am
@@ -6,6 +6,7 @@ schema_DATA = \
interface.rng \
network.rng \
secret.rng \
+ storageencryption.rng \
storagepool.rng \
storagevol.rng \
nodedev.rng \
diff --git a/docs/schemas/storageencryption.rng b/docs/schemas/storageencryption.rng
new file mode 100644
index 0000000..69a2841
--- /dev/null
+++ b/docs/schemas/storageencryption.rng
@@ -0,0 +1,37 @@
+<!-- A Relax NG schema for the libvirt volume encryption XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+ <define name='encryption'>
+ <optional>
+ <element name='encryption'>
+ <attribute name='format'>
+ <choice>
+ <value>unencrypted</value>
+ <value>default</value>
+ <value>qcow</value>
+ </choice>
+ </attribute>
+ <zeroOrMore>
+ <ref name='secret'/>
+ </zeroOrMore>
+ </element>
+ </optional>
+ </define>
+
+ <define name='secret'>
+ <element name='secret'>
+ <attribute name='type'>
+ <choice>
+ <value>passphrase</value>
+ </choice>
+ </attribute>
+ <optional>
+ <attribute name='secret_id'>
+ <text/>
+ </attribute>
+ </optional>
+ </element>
+ </define>
+
+</grammar>
diff --git a/docs/sitemap.html b/docs/sitemap.html
index cf43088..21516be 100644
--- a/docs/sitemap.html
+++ b/docs/sitemap.html
@@ -136,6 +136,9 @@
<a href="formatstorage.html">Storage</a>
<span>The storage pool and volume XML format</span>
</li><li>
+ <a href="formatstorageencryption.html">Storage
Encryption</a>
+ <span>Storage volume encryption XML format</span>
+ </li><li>
<a href="formatcaps.html">Capabilities</a>
<span>The driver capabilities XML format</span>
</li><li>
diff --git a/docs/sitemap.html.in b/docs/sitemap.html.in
index 4c4dfa4..cb0cb89 100644
--- a/docs/sitemap.html.in
+++ b/docs/sitemap.html.in
@@ -99,6 +99,10 @@
<span>The storage pool and volume XML format</span>
</li>
<li>
+ <a href="formatstorageencryption.html">Storage
Encryption</a>
+ <span>Storage volume encryption XML format</span>
+ </li>
+ <li>
<a href="formatcaps.html">Capabilities</a>
<span>The driver capabilities XML format</span>
</li>
diff --git a/po/POTFILES.in b/po/POTFILES.in
index cf0ec8d..36b83a2 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -40,6 +40,7 @@ src/storage_backend_logical.c
src/storage_backend_scsi.c
src/storage_conf.c
src/storage_driver.c
+src/storage_encryption.c
src/test.c
src/uml_conf.c
src/uml_driver.c
diff --git a/src/Makefile.am b/src/Makefile.am
index ce33695..2c1c9b4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -52,6 +52,7 @@ UTIL_SOURCES = \
memory.c memory.h \
pci.c pci.h \
qparams.c qparams.h \
+ storage_encryption.h storage_encryption.c \
threads.c threads.h \
threads-pthread.h \
threads-win32.h \
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 343a71e..de4e413 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -332,6 +332,11 @@ virStoragePartedFsTypeTypeToString;
virStoragePoolObjLock;
virStoragePoolObjUnlock;
+virStorageEncryptionFree;
+virStorageEncryptionDropSecrets;
+virStorageEncryptionParseNode;
+virStorageEncryptionFormat;
+
# threads.h
virMutexInit;
diff --git a/src/storage_encryption.c b/src/storage_encryption.c
new file mode 100644
index 0000000..15caafd
--- /dev/null
+++ b/src/storage_encryption.c
@@ -0,0 +1,241 @@
+/*
+ * storage_encryption.h: volume encryption information
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Red Hat Author: Miloslav Trmač <mitr(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include "internal.h"
+
+#include "base64.h"
+#include "buf.h"
+#include "memory.h"
+#include "storage_conf.h"
+#include "storage_encryption.h"
+#include "util.h"
+#include "xml.h"
+#include "virterror_internal.h"
+
+#define VIR_FROM_THIS VIR_FROM_STORAGE
+
+VIR_ENUM_IMPL(virStorageEncryptionSecretType,
+ VIR_STORAGE_ENCRYPTION_SECRET_TYPE_LAST, "passphrase")
+
+VIR_ENUM_IMPL(virStorageEncryptionFormat,
+ VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
+ "unencrypted", "default", "qcow")
+
+static void
+virStorageEncryptionSecretFree(virStorageEncryptionSecretPtr secret)
+{
+ if (!secret)
+ return;
+ VIR_FREE(secret->secret_id);
+ VIR_FREE(secret);
+}
+
+void
+virStorageEncryptionFree(virStorageEncryptionPtr enc)
+{
+ size_t i;
+
+ if (!enc)
+ return;
+
+ for (i = 0; i < enc->nsecrets; i++)
+ virStorageEncryptionSecretFree(enc->secrets[i]);
+ VIR_FREE(enc->secrets);
+ VIR_FREE(enc);
+}
+
+static virStorageEncryptionSecretPtr
+virStorageEncryptionSecretParse(virConnectPtr conn, xmlXPathContextPtr ctxt,
+ xmlNodePtr node)
+{
+ xmlNodePtr old_node;
+ virStorageEncryptionSecretPtr ret;
+ char *type_str;
+ int type;
+
+ if (VIR_ALLOC(ret) < 0) {
+ virReportOOMError(conn);
+ return NULL;
+ }
+
+ old_node = ctxt->node;
+ ctxt->node = node;
+
+ type_str = virXPathString(conn, "string(./@type)", ctxt);
+ if (type_str == NULL) {
+ virStorageReportError(conn, VIR_ERR_XML_ERROR, "%s",
+ _("unknown volume encryption secret type"));
+ goto cleanup;
+ }
+ type = virStorageEncryptionSecretTypeTypeFromString(type_str);
+ if (type < 0) {
+ virStorageReportError(conn, VIR_ERR_XML_ERROR,
+ _("unknown volume encryption secret type %s"),
+ type_str);
+ VIR_FREE(type_str);
+ goto cleanup;
+ }
+ VIR_FREE(type_str);
+ ret->type = type;
+
+ ret->secret_id = virXPathString(conn, "string(./@secret_id)", ctxt);
+ ctxt->node = old_node;
+ return ret;
+
+ cleanup:
+ virStorageEncryptionSecretFree(ret);
+ ctxt->node = old_node;
+ return NULL;
+}
+
+static virStorageEncryptionPtr
+virStorageEncryptionParseXML(virConnectPtr conn, xmlXPathContextPtr ctxt)
+{
+ xmlNodePtr *nodes = NULL;
+ virStorageEncryptionPtr ret;
+ char *format_str;
+ int format, i, n;
+
+ if (VIR_ALLOC(ret) < 0) {
+ virReportOOMError(conn);
+ return NULL;
+ }
+
+ format_str = virXPathString(conn, "string(./@format)", ctxt);
+ if (format_str == NULL) {
+ virStorageReportError(conn, VIR_ERR_XML_ERROR, "%s",
+ _("unknown volume encryption format"));
+ goto cleanup;
+ }
+ format = virStorageEncryptionFormatTypeFromString(format_str);
+ if (format < 0) {
+ virStorageReportError(conn, VIR_ERR_XML_ERROR,
+ _("unknown volume encryption format type %s"),
+ format_str);
+ VIR_FREE(format_str);
+ goto cleanup;
+ }
+ VIR_FREE(format_str);
+ ret->format = format;
+
+ n = virXPathNodeSet(conn, "./secret", ctxt, &nodes);
+ if (n < 0){
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("cannot extract volume encryption secrets"));
+ goto cleanup;
+ }
+ if (n != 0 && VIR_ALLOC_N(ret->secrets, n) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ ret->nsecrets = n;
+ for (i = 0; i < n; i++) {
+ ret->secrets[i] = virStorageEncryptionSecretParse(conn, ctxt, nodes[i]);
+ if (ret->secrets[i] == NULL)
+ goto cleanup;
+ }
+ VIR_FREE(nodes);
+
+ return ret;
+
+ cleanup:
+ VIR_FREE(nodes);
+ virStorageEncryptionFree(ret);
+ return NULL;
+}
+
+virStorageEncryptionPtr
+virStorageEncryptionParseNode(virConnectPtr conn,
+ xmlDocPtr xml, xmlNodePtr root)
+{
+ xmlXPathContextPtr ctxt = NULL;
+ virStorageEncryptionPtr enc = NULL;
+
+ if (STRNEQ((const char *) root->name, "encryption")) {
+ virStorageReportError(conn, VIR_ERR_XML_ERROR,
+ "%s", _("unknown root element for volume
"
+ "encryption information"));
+ goto cleanup;
+ }
+
+ ctxt = xmlXPathNewContext(xml);
+ if (ctxt == NULL) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
+ ctxt->node = root;
+ enc = virStorageEncryptionParseXML(conn, ctxt);
+
+ cleanup:
+ xmlXPathFreeContext(ctxt);
+ return enc;
+}
+
+static int
+virStorageEncryptionSecretFormat(virConnectPtr conn,
+ virBufferPtr buf,
+ virStorageEncryptionSecretPtr secret)
+{
+ const char *type;
+
+ type = virStorageEncryptionSecretTypeTypeToString(secret->type);
+ if (!type) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("unexpected volume encryption secret type"));
+ return -1;
+ }
+
+ virBufferVSprintf(buf, " <secret type='%s'", type);
+ if (secret->secret_id != NULL)
+ virBufferEscapeString(buf, " secret_id='%s'",
secret->secret_id);
+ virBufferAddLit(buf, "/>\n");
+ return 0;
+}
+
+int
+virStorageEncryptionFormat(virConnectPtr conn,
+ virBufferPtr buf,
+ virStorageEncryptionPtr enc)
+{
+ const char *format;
+ size_t i;
+
+ format = virStorageEncryptionFormatTypeToString(enc->format);
+ if (!format) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption
format"));
+ return -1;
+ }
+ virBufferVSprintf(buf, " <encryption format='%s'>\n",
format);
+
+ for (i = 0; i < enc->nsecrets; i++) {
+ if (virStorageEncryptionSecretFormat(conn, buf, enc->secrets[i]) < 0)
+ return -1;
+ }
+
+ virBufferAddLit(buf, " </encryption>\n");
+
+ return 0;
+}
diff --git a/src/storage_encryption.h b/src/storage_encryption.h
new file mode 100644
index 0000000..3153ec8
--- /dev/null
+++ b/src/storage_encryption.h
@@ -0,0 +1,72 @@
+/*
+ * storage_encryption.h: volume encryption information
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Red Hat Author: Miloslav Trmač <mitr(a)redhat.com>
+ */
+
+#ifndef __VIR_STORAGE_ENCRYPTION_H__
+#define __VIR_STORAGE_ENCRYPTION_H__
+
+#include "internal.h"
+#include "buf.h"
+#include "util.h"
+
+#include <stdbool.h>
+#include <libxml/tree.h>
+
+enum virStorageEncryptionSecretType {
+ VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE = 0,
+
+ VIR_STORAGE_ENCRYPTION_SECRET_TYPE_LAST
+};
+VIR_ENUM_DECL(virStorageEncryptionSecretType)
+
+typedef struct _virStorageEncryptionSecret virStorageEncryptionSecret;
+typedef virStorageEncryptionSecret *virStorageEncryptionSecretPtr;
+struct _virStorageEncryptionSecret {
+ int type; /* enum virStorageEncryptionSecretType */
+ char *secret_id;
+};
+
+enum virStorageEncryptionFormat {
+ VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED = 0,
+ VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT, /* Only valid for volume creation */
+ VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
+
+ VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
+};
+VIR_ENUM_DECL(virStorageEncryptionFormat)
+
+typedef struct _virStorageEncryption virStorageEncryption;
+typedef virStorageEncryption *virStorageEncryptionPtr;
+struct _virStorageEncryption {
+ int format; /* enum virStorageEncryptionFormat */
+
+ size_t nsecrets;
+ virStorageEncryptionSecretPtr *secrets;
+};
+
+void virStorageEncryptionFree(virStorageEncryptionPtr enc);
+virStorageEncryptionPtr virStorageEncryptionParseNode(virConnectPtr conn,
+ xmlDocPtr xml,
+ xmlNodePtr root);
+int virStorageEncryptionFormat(virConnectPtr conn, virBufferPtr buf,
+ virStorageEncryptionPtr enc);
+
+#endif /* __VIR_STORAGE_ENCRYPTION_H__ */
--
1.6.2.5
11:35 a.m.
New subject: [libvirt] [PATCH 11/20] Add volume encryption information handling.
On Tue, Aug 04, 2009 at 10:28:26PM +0200, Miloslav Trma?? wrote:
Define an <encryption> tag specifying volume encryption format
and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
Changes since the first submission;
- Use <secret type='passphrase' secret_id='...'>
instead of <passphrase> with in-line passphrase.
- Use a generic "sequence of secrets" representation.
- Output the <secret> elements unconditionally (they don't reveal the
secrets any more).
- Add format "default", to be used during volume creation only.
- Use "%s", _("...") for all error messages without parameters.
- Add a schema for <encryption>.
- Document <encryption>.
diff --git a/docs/schemas/storageencryption.rng
b/docs/schemas/storageencryption.rng
new file mode 100644
index 0000000..69a2841
--- /dev/null
+++ b/docs/schemas/storageencryption.rng
@@ -0,0 +1,37 @@
+<!-- A Relax NG schema for the libvirt volume encryption XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+ <define name='encryption'>
+ <optional>
+ <element name='encryption'>
+ <attribute name='format'>
+ <choice>
+ <value>unencrypted</value>
+ <value>default</value>
+ <value>qcow</value>
+ </choice>
+ </attribute>
I don't think we should include 'unencrypted' here. If a volume is
not encrypted, we should simply omit the <encryption> element
entirely in the domain / storage volume XML doc.
+ <zeroOrMore>
+ <ref name='secret'/>
+ </zeroOrMore>
+ </element>
+ </optional>
+ </define>
+
+ <define name='secret'>
+ <element name='secret'>
+ <attribute name='type'>
+ <choice>
+ <value>passphrase</value>
+ </choice>
+ </attribute>
+ <optional>
+ <attribute name='secret_id'>
+ <text/>
+ </attribute>
Lets just call this attribute 'uuid' - no need to have
the word 'secret' prefixed on it too.
+ </optional>
+ </element>
+ </define>
+
+</grammar>
+static int
+virStorageEncryptionSecretFormat(virConnectPtr conn,
+ virBufferPtr buf,
+ virStorageEncryptionSecretPtr secret)
+{
+ const char *type;
+
+ type = virStorageEncryptionSecretTypeTypeToString(secret->type);
+ if (!type) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("unexpected volume encryption secret type"));
+ return -1;
+ }
+
+ virBufferVSprintf(buf, " <secret type='%s'", type);
+ if (secret->secret_id != NULL)
+ virBufferEscapeString(buf, " secret_id='%s'",
secret->secret_id);
+ virBufferAddLit(buf, "/>\n");
+ return 0;
+}
Tiny indentation bug crept in there.
+
+int
+virStorageEncryptionFormat(virConnectPtr conn,
+ virBufferPtr buf,
+ virStorageEncryptionPtr enc)
+{
+ const char *format;
+ size_t i;
+
+ format = virStorageEncryptionFormatTypeToString(enc->format);
+ if (!format) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption
format"));
+ return -1;
+ }
+ virBufferVSprintf(buf, " <encryption format='%s'>\n",
format);
+
+ for (i = 0; i < enc->nsecrets; i++) {
+ if (virStorageEncryptionSecretFormat(conn, buf, enc->secrets[i]) < 0)
+ return -1;
+ }
And there too.
+
+ virBufferAddLit(buf, " </encryption>\n");
+
+ return 0;
+}
I think this is generally ok, aside from those minor stylist changes.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
12:31 p.m.
New subject: [libvirt] [PATCH 11/20] Add volume encryption information handling.
----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> diff --git a/docs/schemas/storageencryption.rng
b/docs/schemas/storageencryption.rng
> --- /dev/null
> +++ b/docs/schemas/storageencryption.rng
> @@ -0,0 +1,37 @@
<snip>
> + <element name='encryption'>
> + <attribute name='format'>
> + <choice>
> + <value>unencrypted</value>
> + <value>default</value>
> + <value>qcow</value>
> + </choice>
> + </attribute>
I don't think we should include 'unencrypted' here. If a volume is
not encrypted, we should simply omit the <encryption> element
entirely in the domain / storage volume XML doc.
Fixed.
> + <element name='secret'>
> + <attribute name='type'>
> + <choice>
> + <value>passphrase</value>
> + </choice>
> + </attribute>
> + <optional>
> + <attribute name='secret_id'>
> + <text/>
> + </attribute>
Lets just call this attribute 'uuid' - no need to have
the word 'secret' prefixed on it too.
Fixed. I'd prefer to keep this attribute defined a generic string (as opposed to the
strict hexadecimal UUID format) because some of the possible remote backends might require
a different identifier format.
<snip>
Tiny indentation bug crept in there.
<snip>
And there too.
Fixed both.
Thanks for the review,
Mirek
3:28 p.m.
New subject: [libvirt] [PATCH 12/20] Attach encryption information to virStorageVolDef.
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation. The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.
Changes since the first submission:
- Attach <encryption> inside <target>.
- Update <volume> schema.
- Add documentation.
- Add a schema validity test.
---
docs/formatstorage.html | 6 ++++++
docs/formatstorage.html.in | 8 ++++++++
docs/schemas/storagevol.rng | 3 +++
src/storage_conf.c | 20 ++++++++++++++++++++
src/storage_conf.h | 4 ++++
tests/storagevolschemadata/vol-qcow2.xml | 4 ++++
6 files changed, 45 insertions(+), 0 deletions(-)
diff --git a/docs/formatstorage.html b/docs/formatstorage.html
index 19936ae..97eaa92 100644
--- a/docs/formatstorage.html
+++ b/docs/formatstorage.html
@@ -252,6 +252,9 @@
<mode>0744</mode>
<label>virt_image_t</label>
</permissions>
+ <encryption type='...'>
+ ...
+ </encryption>
</target>
</pool></pre>
<dl><dt><code>path</code></dt><dd>Provides
the location at which the pool will be mapped into
@@ -274,6 +277,9 @@
element contains the numeric group ID. The <code>label</code> element
contains the MAC (eg SELinux) label string.
<span class="since">Since 0.4.1</span>
+ </dd><dt><code>encryption</code></dt><dd>If
present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
</dd></dl>
<h3>
<a name="StoragePoolExtents"
id="StoragePoolExtents">Device extents</a>
diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in
index 4878d72..3ed88a2 100644
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -124,6 +124,9 @@
<mode>0744</mode>
<label>virt_image_t</label>
</permissions>
+ <encryption type='...'>
+ ...
+ </encryption>
</target>
</pool></pre>
@@ -152,6 +155,11 @@
contains the MAC (eg SELinux) label string.
<span class="since">Since 0.4.1</span>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>If present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
+ </dd>
</dl>
<h3><a name="StoragePoolExtents">Device
extents</a></h3>
diff --git a/docs/schemas/storagevol.rng b/docs/schemas/storagevol.rng
index 7dc7876..6ab685a 100644
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -6,6 +6,8 @@
<ref name='vol'/>
</start>
+ <include href='storageencryption.rng'/>
+
<define name='vol'>
<element name='volume'>
@@ -74,6 +76,7 @@
</optional>
<ref name='format'/>
<ref name='permissions'/>
+ <ref name='encryption'/>
</element>
</define>
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..9a1b0ba 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
VIR_FREE(def->target.path);
VIR_FREE(def->target.perms.label);
+ virStorageEncryptionFree(def->target.encryption);
VIR_FREE(def->backingStore.path);
VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->backingStore.encryption);
VIR_FREE(def);
}
@@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
char *allocation = NULL;
char *capacity = NULL;
char *unit = NULL;
+ xmlNodePtr node;
options = virStorageVolOptionsForPoolType(pool->type);
if (options == NULL)
@@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
"./target/permissions", 0600) < 0)
goto cleanup;
+ node = virXPathNode(conn, "./target/encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->target.encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
ret->backingStore.path = virXPathString(conn,
"string(./backingStore/path)", ctxt);
@@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
virBufferAddLit(buf," </permissions>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
+
virBufferVSprintf(buf, " </%s>\n", type);
return 0;
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..8ae1742 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
#include "internal.h"
#include "util.h"
+#include "storage_encryption.h"
#include "threads.h"
#include <libxml/tree.h>
@@ -77,6 +78,9 @@ struct _virStorageVolTarget {
int format;
virStoragePerms perms;
int type; /* only used by disk backend for partition type */
+ /* Only used if not "unencrypted".
+ Currently used only in virStorageVolDef.target, not in .backingstore. */
+ virStorageEncryptionPtr encryption;
};
diff --git a/tests/storagevolschemadata/vol-qcow2.xml
b/tests/storagevolschemadata/vol-qcow2.xml
index c1cf02f..b07c93c 100644
--- a/tests/storagevolschemadata/vol-qcow2.xml
+++ b/tests/storagevolschemadata/vol-qcow2.xml
@@ -14,6 +14,10 @@
<group>0</group>
<label>unconfined_u:object_r:virt_image_t:s0</label>
</permissions>
+ <encryption format='qcow'>
+ <secret type='passphrase'
+ secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+ </encryption>
</target>
<backingStore>
<path>/var/lib/libvirt/images/BaseDemo.img</path>
--
1.6.2.5
11:37 a.m.
New subject: [libvirt] [PATCH 12/20] Attach encryption information to virStorageVolDef.
On Tue, Aug 04, 2009 at 10:28:27PM +0200, Miloslav Trma?? wrote:
The XML allows <encryption format='unencrypted'/>, this
implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation. The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.
diff --git a/docs/schemas/storagevol.rng
b/docs/schemas/storagevol.rng
index 7dc7876..6ab685a 100644
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -6,6 +6,8 @@
<ref name='vol'/>
</start>
+ <include href='storageencryption.rng'/>
+
<define name='vol'>
<element name='volume'>
@@ -74,6 +76,7 @@
</optional>
<ref name='format'/>
<ref name='permissions'/>
+ <ref name='encryption'/>
</element>
</define>
To allow removal of "<encryption>" for non-encrypted cases, I
believe we'd need to add
<optional>
<ref name='encrption'/>
</optional>
Unless that's 'encryption' schema rule itself has <optional>
already ?
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..9a1b0ba 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
VIR_FREE(def->target.path);
VIR_FREE(def->target.perms.label);
+ virStorageEncryptionFree(def->target.encryption);
VIR_FREE(def->backingStore.path);
VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->backingStore.encryption);
VIR_FREE(def);
}
@@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
char *allocation = NULL;
char *capacity = NULL;
char *unit = NULL;
+ xmlNodePtr node;
options = virStorageVolOptionsForPoolType(pool->type);
if (options == NULL)
@@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
"./target/permissions", 0600) < 0)
goto cleanup;
+ node = virXPathNode(conn, "./target/encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->target.encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
ret->backingStore.path = virXPathString(conn,
"string(./backingStore/path)", ctxt);
@@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
virBufferAddLit(buf," </permissions>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
+
virBufferVSprintf(buf, " </%s>\n", type);
return 0;
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..8ae1742 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
#include "internal.h"
#include "util.h"
+#include "storage_encryption.h"
#include "threads.h"
#include <libxml/tree.h>
@@ -77,6 +78,9 @@ struct _virStorageVolTarget {
int format;
virStoragePerms perms;
int type; /* only used by disk backend for partition type */
+ /* Only used if not "unencrypted".
+ Currently used only in virStorageVolDef.target, not in .backingstore. */
+ virStorageEncryptionPtr encryption;
};
diff --git a/tests/storagevolschemadata/vol-qcow2.xml
b/tests/storagevolschemadata/vol-qcow2.xml
index c1cf02f..b07c93c 100644
--- a/tests/storagevolschemadata/vol-qcow2.xml
+++ b/tests/storagevolschemadata/vol-qcow2.xml
@@ -14,6 +14,10 @@
<group>0</group>
<label>unconfined_u:object_r:virt_image_t:s0</label>
</permissions>
+ <encryption format='qcow'>
+ <secret type='passphrase'
+ secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+ </encryption>
</target>
<backingStore>
<path>/var/lib/libvirt/images/BaseDemo.img</path>
--
1.6.2.5
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
9:23 a.m.
New subject: [libvirt] [PATCH 12/20] Attach encryption information to virStorageVolDef.
----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> <define name='vol'>
> <element name='volume'>
> @@ -74,6 +76,7 @@
> </optional>
> <ref name='format'/>
> <ref name='permissions'/>
> + <ref name='encryption'/>
> </element>
> </define>
To allow removal of "<encryption>" for non-encrypted cases, I
believe we'd need to add
<optional>
<ref name='encrption'/>
</optional>
Unless that's 'encryption' schema rule itself has <optional>
already ?
Yes, it currently does. I'll move the <optional> to the users,
to be more explicit.
Thanks for the review,
Mirek
3:28 p.m.
New subject: [libvirt] [PATCH 13/20] Recognize encryption format of qcow volumes.
(The implementation is not very generic, but that can be very
easily rectified if/when new encryption formats appear.)
Changes since first submission:
- Move <encryption> inside <target>.
---
src/storage_backend_fs.c | 61 +++++++++++++++++++++++++++++++++++----------
1 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c
index ca6d329..5568b20 100644
--- a/src/storage_backend_fs.c
+++ b/src/storage_backend_fs.c
@@ -26,6 +26,7 @@
#include <sys/statvfs.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <stdbool.h>
#include <stdio.h>
#include <dirent.h>
#include <errno.h>
@@ -81,6 +82,9 @@ struct FileTypeInfo {
/* Store a COW base image path (possibly relative),
* or NULL if there is no COW base image, to RES;
* return BACKING_STORE_* */
+ int qcowCryptOffset; /* Byte offset from start of file
+ * where to find encryption mode,
+ * -1 if encryption is not used */
int (*getBackingStore)(virConnectPtr conn, char **res,
const unsigned char *buf, size_t buf_size);
};
@@ -89,54 +93,54 @@ struct FileTypeInfo const fileTypeInfo[] = {
/* XXX Untested
{ VIR_STORAGE_VOL_FILE_BOCHS, "Bochs Virtual HD Image", NULL,
LV_LITTLE_ENDIAN, 64, 0x20000,
- 32+16+16+4+4+4+4+4, 8, 1, NULL },*/
+ 32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/
/* CLoop */
/* XXX Untested
{ VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0
&& mount -r -t iso9660 /dev/cloop $1\n", NULL,
LV_LITTLE_ENDIAN, -1, 0,
- -1, 0, 0, NULL }, */
+ -1, 0, 0, -1, NULL }, */
/* Cow */
{ VIR_STORAGE_VOL_FILE_COW, "OOOM", NULL,
LV_BIG_ENDIAN, 4, 2,
- 4+4+1024+4, 8, 1, cowGetBackingStore },
+ 4+4+1024+4, 8, 1, -1, cowGetBackingStore },
/* DMG */
/* XXX QEMU says there's no magic for dmg, but we should check... */
{ VIR_STORAGE_VOL_FILE_DMG, NULL, ".dmg",
0, -1, 0,
- -1, 0, 0, NULL },
+ -1, 0, 0, -1, NULL },
/* XXX there's probably some magic for iso we can validate too... */
{ VIR_STORAGE_VOL_FILE_ISO, NULL, ".iso",
0, -1, 0,
- -1, 0, 0, NULL },
+ -1, 0, 0, -1, NULL },
/* Parallels */
/* XXX Untested
{ VIR_STORAGE_VOL_FILE_PARALLELS, "WithoutFreeSpace", NULL,
LV_LITTLE_ENDIAN, 16, 2,
- 16+4+4+4+4, 4, 512, NULL },
+ 16+4+4+4+4, 4, 512, -1, NULL },
*/
/* QCow */
{ VIR_STORAGE_VOL_FILE_QCOW, "QFI", NULL,
LV_BIG_ENDIAN, 4, 1,
- 4+4+8+4+4, 8, 1, qcowXGetBackingStore },
+ 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore },
/* QCow 2 */
{ VIR_STORAGE_VOL_FILE_QCOW2, "QFI", NULL,
LV_BIG_ENDIAN, 4, 2,
- 4+4+8+4+4, 8, 1, qcowXGetBackingStore },
+ 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore },
/* VMDK 3 */
/* XXX Untested
{ VIR_STORAGE_VOL_FILE_VMDK, "COWD", NULL,
LV_LITTLE_ENDIAN, 4, 1,
- 4+4+4, 4, 512, NULL },
+ 4+4+4, 4, 512, -1, NULL },
*/
/* VMDK 4 */
{ VIR_STORAGE_VOL_FILE_VMDK, "KDMV", NULL,
LV_LITTLE_ENDIAN, 4, 1,
- 4+4+4, 8, 512, vmdk4GetBackingStore },
+ 4+4+4, 8, 512, -1, vmdk4GetBackingStore },
/* Connectix / VirtualPC */
/* XXX Untested
{ VIR_STORAGE_VOL_FILE_VPC, "conectix", NULL,
LV_BIG_ENDIAN, -1, 0,
- -1, 0, 0, NULL},
+ -1, 0, 0, -1, NULL},
*/
};
@@ -282,13 +286,16 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
virStorageVolTargetPtr target,
char **backingStore,
unsigned long long *allocation,
- unsigned long long *capacity) {
+ unsigned long long *capacity,
+ virStorageEncryptionPtr *encryption) {
int fd;
unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */
int len, i, ret;
if (backingStore)
*backingStore = NULL;
+ if (encryption)
+ *encryption = NULL;
if ((fd = open(target->path, O_RDONLY)) < 0) {
virReportSystemError(conn, errno,
@@ -317,6 +324,8 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
/* First check file magic */
for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
int mlen;
+ bool encrypted_qcow = false;
+
if (fileTypeInfo[i].magic == NULL)
continue;
@@ -375,6 +384,16 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
*capacity *= fileTypeInfo[i].sizeMultiplier;
}
+ if (fileTypeInfo[i].qcowCryptOffset != -1) {
+ int crypt_format;
+
+ crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) |
+ (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) |
+ (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) |
+ head[fileTypeInfo[i].qcowCryptOffset+3];
+ encrypted_qcow = crypt_format != 0;
+ }
+
/* Validation passed, we know the file format now */
target->format = fileTypeInfo[i].type;
if (fileTypeInfo[i].getBackingStore != NULL && backingStore) {
@@ -400,6 +419,18 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
}
}
}
+ if (encryption != NULL && encrypted_qcow) {
+ virStorageEncryptionPtr enc;
+
+ if (VIR_ALLOC(enc) < 0) {
+ virReportOOMError(conn);
+ if (backingStore)
+ VIR_FREE(*backingStore);
+ return -1;
+ }
+ enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
+ *encryption = enc;
+ }
return 0;
}
@@ -868,7 +899,8 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn,
&vol->target,
&backingStore,
&vol->allocation,
- &vol->capacity) < 0)) {
+ &vol->capacity,
+ &vol->target.encryption) < 0))
{
if (ret == -1)
goto cleanup;
else {
@@ -908,7 +940,8 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn,
if ((ret = virStorageBackendProbeTarget(conn,
&vol->backingStore,
- NULL, NULL, NULL)) < 0) {
+ NULL, NULL, NULL,
+ NULL)) < 0) {
if (ret == -1)
goto cleanup;
else {
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 14/20] Add support for encrypted (qcow) volume creation.
Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.
Curiously, qemu-img does not need the passphrase for anything to create
an encrypted volume. This implementation thus does not need to touch
any secrets to work with cooperating clients. More generic passphrase
handling is added in the next patch.
Changes since first submission:
- Move <encryption> inside <target>.
- Don't discard secrets after volume creation.
- Refuse <encryption> specifying more than one secret when creating qcow
or qcow2 volumes
---
src/storage_backend.c | 47 +++++++++++++++++++++++++++++++++++++++-
src/storage_backend_disk.c | 7 ++++++
src/storage_backend_fs.c | 7 ++++++
src/storage_backend_logical.c | 7 ++++++
4 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/src/storage_backend.c b/src/storage_backend.c
index 07a2e48..2d37b8b 100644
--- a/src/storage_backend.c
+++ b/src/storage_backend.c
@@ -246,6 +246,13 @@ virStorageBackendCreateRaw(virConnectPtr conn,
unsigned long long remain;
char *buf = NULL;
+ if (vol->target.encryption != NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ "%s", _("storage pool does not support
encrypted "
+ "volumes"));
+ return -1;
+ }
+
if ((fd = open(vol->target.path, O_RDWR | O_CREAT | O_EXCL,
vol->target.perms.mode)) < 0) {
virReportSystemError(conn, errno,
@@ -346,15 +353,17 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
NULL;
const char **imgargv;
+ /* The extra NULL field is for indicating encryption (-e). */
const char *imgargvnormal[] = {
NULL, "create",
"-f", type,
vol->target.path,
size,
NULL,
+ NULL
};
/* Extra NULL fields are for including "backingType" when using
- * kvm-img. It's -F backingType
+ * kvm-img (-F backingType), and for indicating encryption (-e).
*/
const char *imgargvbacking[] = {
NULL, "create",
@@ -364,6 +373,7 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
size,
NULL,
NULL,
+ NULL,
NULL
};
const char *convargv[] = {
@@ -417,6 +427,28 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
}
}
+ if (vol->target.encryption != NULL) {
+ if (vol->target.format != VIR_STORAGE_VOL_FILE_QCOW &&
+ vol->target.format != VIR_STORAGE_VOL_FILE_QCOW2) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("qcow volume encryption unsupported with "
+ "volume format %s"), type);
+ return -1;
+ }
+ if (vol->target.encryption->format !=
+ VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ _("unsupported volume encryption format
%d"),
+ vol->target.encryption->format);
+ return -1;
+ }
+ if (vol->target.encryption->nsecrets > 1) {
+ virStorageReportError(conn, VIR_ERR_INVALID_STORAGE_VOL,
+ _("too many secrets for qcow encryption"));
+ return -1;
+ }
+ }
+
if ((create_tool = virFindFileInPath("kvm-img")) != NULL)
use_kvmimg = 1;
else if ((create_tool = virFindFileInPath("qemu-img")) != NULL)
@@ -437,11 +469,16 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
imgargvbacking[7] = backingType;
imgargvbacking[8] = vol->target.path;
imgargvbacking[9] = size;
- }
+ if (vol->target.encryption != NULL)
+ imgargvbacking[10] = "-e";
+ } else if (vol->target.encryption != NULL)
+ imgargvbacking[8] = "-e";
imgargv = imgargvbacking;
} else {
imgargvnormal[0] = create_tool;
imgargv = imgargvnormal;
+ if (vol->target.encryption != NULL)
+ imgargv[6] = "-e";
}
@@ -489,6 +526,12 @@ virStorageBackendCreateQcowCreate(virConnectPtr conn,
"qcow-create"));
return -1;
}
+ if (vol->target.encryption != NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ "%s", _("encrypted volumes not supported
with "
+ "qcow-create"));
+ return -1;
+ }
/* Size in MB - yes different units to qemu-img :-( */
snprintf(size, sizeof(size), "%llu", vol->capacity/1024/1024);
diff --git a/src/storage_backend_disk.c b/src/storage_backend_disk.c
index ae2acae..6fdb566 100644
--- a/src/storage_backend_disk.c
+++ b/src/storage_backend_disk.c
@@ -557,6 +557,13 @@ virStorageBackendDiskCreateVol(virConnectPtr conn,
NULL
};
+ if (vol->target.encryption != NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ "%s", _("storage pool does not support
encrypted "
+ "volumes"));
+ return -1;
+ }
+
if (virStorageBackendDiskPartFormat(conn, pool, vol, partFormat) != 0) {
return -1;
}
diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c
index 5568b20..65b656d 100644
--- a/src/storage_backend_fs.c
+++ b/src/storage_backend_fs.c
@@ -1102,6 +1102,13 @@ _virStorageBackendFileSystemVolBuild(virConnectPtr conn,
int tool_type;
if (inputvol) {
+ if (vol->target.encryption != NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ "%s", _("storage pool does not support
"
+ "building encrypted volumes from "
+ "other volumes"));
+ return -1;
+ }
create_func = virStorageBackendGetBuildVolFromFunction(conn, vol,
inputvol);
if (!create_func)
diff --git a/src/storage_backend_logical.c b/src/storage_backend_logical.c
index 6c123ae..bc40dd7 100644
--- a/src/storage_backend_logical.c
+++ b/src/storage_backend_logical.c
@@ -581,6 +581,13 @@ virStorageBackendLogicalCreateVol(virConnectPtr conn,
};
const char **cmdargv = cmdargvnew;
+ if (vol->target.encryption != NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
+ "%s", _("storage pool does not support
encrypted "
+ "volumes"));
+ return -1;
+ }
+
if (vol->backingStore.path) {
cmdargv = cmdargvsnap;
}
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 15/20] Provide missing passphrase when creating a volume.
If the <encryption format='qcow'> element does not specify a secret
during volume creation, generate a suitable secret and add it to the
<encryption> tag. The caller can view the updated <encryption> tag
using virStorageVolGetXMLDesc().
Similarly, when <encryption format='default'/> is specified while
creating a qcow or qcow2-formatted volume, change the format to "qcow"
and generate a secret as described above.
---
src/storage_backend.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 119 insertions(+), 3 deletions(-)
diff --git a/src/storage_backend.c b/src/storage_backend.c
index 2d37b8b..53bca65 100644
--- a/src/storage_backend.c
+++ b/src/storage_backend.c
@@ -43,6 +43,7 @@
#include <selinux/selinux.h>
#endif
+#include "datatypes.h"
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
@@ -331,6 +332,113 @@ cleanup:
}
static int
+virStorageGenerateQcowEncryption(virConnectPtr conn,
+ virStorageVolDefPtr vol)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ virStorageEncryptionPtr enc;
+ virStorageEncryptionSecretPtr enc_secret = NULL;
+ char *secret_id = NULL, *tmp = NULL;
+ unsigned char secret[16];
+ int ret = -1, fd = -1;
+ size_t i;
+
+ if (conn->secretDriver == NULL || conn->secretDriver->allocateID == NULL ||
+ conn->secretDriver->setXML == NULL ||
+ conn->secretDriver->setValue == NULL) {
+ virStorageReportError(conn, VIR_ERR_NO_SUPPORT, "%s",
+ _("secret storage not supported"));
+ goto cleanup;
+ }
+
+ enc = vol->target.encryption;
+ if (enc->nsecrets != 0) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("secrets already defined"));
+ goto cleanup;
+ }
+
+ if (VIR_ALLOC(enc_secret) < 0 || VIR_REALLOC_N(enc->secrets, 1) < 0) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
+ secret_id = conn->secretDriver->allocateID(conn);
+ if (secret_id == NULL)
+ goto cleanup;
+
+ virBufferAddLit(&buf, "<secret ephemeral='no'
private='no'>");
+ virBufferEscapeString(&buf,
+ "<description>qcow passphrase for
%s</description>",
+ vol->target.path);
+ virBufferEscapeString(&buf, "<volume>%s</volume>",
vol->target.path);
+ virBufferAddLit(&buf, "</secret>");
+ if (virBufferError(&buf)) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+ tmp = virBufferContentAndReset(&buf);
+ if (conn->secretDriver->setXML(conn, secret_id, tmp) < 0) {
+ VIR_FREE(tmp);
+ goto cleanup;
+ }
+ VIR_FREE(tmp);
+
+ /* A qcow passphrase is up to 16 bytes, with any data following a NUL
+ ignored. Prohibit control and non-ASCII characters to avoid possible
+ unpleasant surprises with the qemu monitor input mechanism. */
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd < 0) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Cannot open /dev/urandom"));
+ goto cleanup;
+ }
+ i = 0;
+ while (i < sizeof (secret)) {
+ ssize_t r;
+
+ while ((r = read(fd, secret + i, 1)) == -1 && errno == EINTR)
+ ;
+ if (r <= 0) {
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Cannot read from /dev/urandom"));
+ goto cleanup;
+ }
+ if (secret[i] >= 0x20 && secret[i] <= 0x7E)
+ i++; /* Got an acceptable character */
+ }
+ close(fd);
+ fd = -1;
+
+ if (conn->secretDriver->setValue(conn, secret_id, secret,
+ sizeof(secret)) < 0)
+ goto cleanup;
+
+ enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
+ enc_secret->secret_id = secret_id;
+ secret_id = NULL;
+ enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
+ enc->secrets[0] = enc_secret; /* Space for secrets[0] allocated above */
+ enc_secret = NULL;
+ enc->nsecrets = 1;
+
+ ret = 0;
+
+cleanup:
+ if (fd != -1)
+ close(fd);
+ tmp = virBufferContentAndReset(&buf);
+ VIR_FREE(tmp);
+ if (secret_id != NULL) {
+ if (conn->secretDriver->delete != NULL)
+ conn->secretDriver->delete(conn, secret_id);
+ VIR_FREE(secret_id);
+ }
+ VIR_FREE(enc_secret);
+ return ret;
+}
+
+static int
virStorageBackendCreateQemuImg(virConnectPtr conn,
virStorageVolDefPtr vol,
virStorageVolDefPtr inputvol,
@@ -428,6 +536,8 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
}
if (vol->target.encryption != NULL) {
+ virStorageEncryptionPtr enc;
+
if (vol->target.format != VIR_STORAGE_VOL_FILE_QCOW &&
vol->target.format != VIR_STORAGE_VOL_FILE_QCOW2) {
virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
@@ -435,18 +545,24 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
"volume format %s"), type);
return -1;
}
- if (vol->target.encryption->format !=
- VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
+ enc = vol->target.encryption;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_QCOW &&
+ enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) {
virStorageReportError(conn, VIR_ERR_NO_SUPPORT,
_("unsupported volume encryption format
%d"),
vol->target.encryption->format);
return -1;
}
- if (vol->target.encryption->nsecrets > 1) {
+ if (enc->nsecrets > 1) {
virStorageReportError(conn, VIR_ERR_INVALID_STORAGE_VOL,
_("too many secrets for qcow encryption"));
return -1;
}
+ if (enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
+ enc->nsecrets == 0) {
+ if (virStorageGenerateQcowEncryption(conn, vol) < 0)
+ return -1;
+ }
}
if ((create_tool = virFindFileInPath("kvm-img")) != NULL)
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 16/20] Attach encryption information to virDomainDiskDef.
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.
A domain with partial encryption information can be defined,
completeness of the information is not verified. The domain won't
start until the remaining information is added, of course.
Changes since the first submission:
- Add schema for the <encryption> tag.
- Document the <encryption> tag.
- Ignore VIR_DOMAIN_XML_SECURE, the <secret> tags are always output.
---
docs/formatdomain.html | 6 ++++++
docs/formatdomain.html.in | 8 ++++++++
docs/schemas/domain.rng | 3 +++
src/domain_conf.c | 19 +++++++++++++++++++
src/domain_conf.h | 2 ++
5 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/docs/formatdomain.html b/docs/formatdomain.html
index f2d7855..c483195 100644
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@@ -453,6 +453,9 @@
<driver name="tap" type="aio">
<source file='/var/lib/xen/images/fv0'/>
<target dev='hda' bus='ide'/>
+ <encryption type='...'>
+ ...
+ </encryption>
</disk>
...</pre>
<dl><dt><code>disk</code></dt><dd>The
<code>disk</code> element is the main container for describing
@@ -478,6 +481,9 @@
<code>driver</code> element allows them to be selected. The
<code>name</code>
attribute is the primary backend driver name, while the optional
<code>type</code>
attribute provides the sub-type. <span class="since">Since
0.1.8</span>
+ </dd><dt><code>encryption</code></dt><dd>If
present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
</dd></dl>
<h4>
<a name="elementsUSB" id="elementsUSB">USB and PCI
devices</a>
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index eb12784..211f7ed 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -338,6 +338,9 @@
<driver name="tap" type="aio">
<source file='/var/lib/xen/images/fv0'/>
<target dev='hda' bus='ide'/>
+ <encryption type='...'>
+ ...
+ </encryption>
</disk>
...</pre>
@@ -373,6 +376,11 @@
attribute is the primary backend driver name, while the optional
<code>type</code>
attribute provides the sub-type. <span class="since">Since
0.1.8</span>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>If present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
+ </dd>
</dl>
<h4><a name="elementsUSB">USB and PCI
devices</a></h4>
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index f857301..4defc1e 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -4,6 +4,8 @@
<start>
<ref name="domain"/>
</start>
+
+ <include href='storageencryption.rng'/>
<!--
We handle only document defining a domain
-->
@@ -336,6 +338,7 @@
<empty/>
</element>
</optional>
+ <ref name="encryption"/>
</define>
<!--
A disk description can be either of type file or block
diff --git a/src/domain_conf.c b/src/domain_conf.c
index 2301a96..710eff4 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -288,6 +288,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
VIR_FREE(def->dst);
VIR_FREE(def->driverName);
VIR_FREE(def->driverType);
+ virStorageEncryptionFree(def->encryption);
VIR_FREE(def);
}
@@ -658,6 +659,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
char *bus = NULL;
char *cachetag = NULL;
char *devaddr = NULL;
+ virStorageEncryptionPtr encryption = NULL;
if (VIR_ALLOC(def) < 0) {
virReportOOMError(conn);
@@ -715,6 +717,17 @@ virDomainDiskDefParseXML(virConnectPtr conn,
} else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) &&
xmlStrEqual(cur->name, BAD_CAST "state")) {
devaddr = virXMLPropString(cur, "devaddr");
+ } else if (encryption == NULL &&
+ xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+ encryption = virStorageEncryptionParseNode(conn, node->doc,
+ cur);
+ if (encryption == NULL)
+ goto error;
+ if (encryption->format ==
+ VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED) {
+ virStorageEncryptionFree(encryption);
+ encryption = NULL;
+ }
}
}
cur = cur->next;
@@ -833,6 +846,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
driverName = NULL;
def->driverType = driverType;
driverType = NULL;
+ def->encryption = encryption;
+ encryption = NULL;
cleanup:
VIR_FREE(bus);
@@ -844,6 +859,7 @@ cleanup:
VIR_FREE(driverName);
VIR_FREE(cachetag);
VIR_FREE(devaddr);
+ virStorageEncryptionFree(encryption);
return def;
@@ -3501,6 +3517,9 @@ virDomainDiskDefFormat(virConnectPtr conn,
virBufferAddLit(buf, " <readonly/>\n");
if (def->shared)
virBufferAddLit(buf, " <shareable/>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS) {
virBufferAddLit(buf, " <state");
diff --git a/src/domain_conf.h b/src/domain_conf.h
index 63fca76..c8ff282 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -30,6 +30,7 @@
#include "internal.h"
#include "capabilities.h"
+#include "storage_encryption.h"
#include "util.h"
#include "threads.h"
@@ -117,6 +118,7 @@ struct _virDomainDiskDef {
unsigned bus;
unsigned slot;
} pci_addr;
+ virStorageEncryptionPtr encryption;
};
static inline int
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 17/20] Don't assume buffered output echoes the command.
The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
starts with "cmd"). Make the assumption explicit, it will be broken in
a future patch.
---
src/qemu_driver.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 412b68d..17de104 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -2357,10 +2357,11 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
* occurence, and inbetween the command and the newline starting
* the response
*/
- if ((commptr = strstr(buf, cmd)))
+ if ((commptr = strstr(buf, cmd))) {
memmove(buf, commptr, strlen(commptr)+1);
- if ((nlptr = strchr(buf, '\n')))
- memmove(buf+strlen(cmd), nlptr, strlen(nlptr)+1);
+ if ((nlptr = strchr(buf, '\n')))
+ memmove(buf+strlen(cmd), nlptr, strlen(nlptr)+1);
+ }
break;
}
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 18/20] Make handling of monitor prompts more general.
Support arbitrary callbacks for "secondary prompts". Reimplement
qemudMonitorCommandExtra using such a callback.
---
src/qemu_driver.c | 84 +++++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 72 insertions(+), 12 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 17de104..7a2e581 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -88,6 +88,12 @@ static void qemuDriverUnlock(struct qemud_driver *driver)
virMutexUnlock(&driver->lock);
}
+/* Return -1 for error, 0 for success */
+typedef int qemudMonitorExtraPromptHandler(const virDomainObjPtr vm,
+ const char *buf,
+ const char *prompt,
+ void *data);
+
static void qemuDomainEventFlush(int timer, void *opaque);
static void qemuDomainEventQueue(struct qemud_driver *driver,
virDomainEventPtr event);
@@ -116,6 +122,13 @@ static int qemudMonitorCommandWithFd(const virDomainObjPtr vm,
const char *cmd,
int scm_fd,
char **reply);
+static int qemudMonitorCommandWithHandler(const virDomainObjPtr vm,
+ const char *cmd,
+ const char *extraPrompt,
+ qemudMonitorExtraPromptHandler extraHandler,
+ void *handlerData,
+ int scm_fd,
+ char **reply);
static int qemudMonitorCommandExtra(const virDomainObjPtr vm,
const char *cmd,
const char *extra,
@@ -2290,12 +2303,13 @@ out:
}
static int
-qemudMonitorCommandExtra(const virDomainObjPtr vm,
- const char *cmd,
- const char *extra,
- const char *extraPrompt,
- int scm_fd,
- char **reply) {
+qemudMonitorCommandWithHandler(const virDomainObjPtr vm,
+ const char *cmd,
+ const char *extraPrompt,
+ qemudMonitorExtraPromptHandler extraHandler,
+ void *handlerData,
+ int scm_fd,
+ char **reply) {
int size = 0;
char *buf = NULL;
@@ -2339,12 +2353,20 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
/* Look for QEMU prompt to indicate completion */
if (buf) {
- if (extra) {
- if (strstr(buf, extraPrompt) != NULL) {
- if (qemudMonitorSend(vm, extra, -1) < 0)
- return -1;
- extra = NULL;
- }
+ char *foundPrompt;
+
+ if (extraPrompt &&
+ (foundPrompt = strstr(buf, extraPrompt)) != NULL) {
+ char *promptEnd;
+
+ if (extraHandler(vm, buf, foundPrompt, handlerData) < 0)
+ return -1;
+ /* Discard output so far, necessary to detect whether
+ extraPrompt appears again. We don't need the output between
+ original command and this prompt anyway. */
+ promptEnd = foundPrompt + strlen(extraPrompt);
+ memmove(buf, promptEnd, strlen(promptEnd)+1);
+ size -= promptEnd - buf;
} else if ((tmp = strstr(buf, QEMU_CMD_PROMPT)) != NULL) {
char *commptr = NULL, *nlptr = NULL;
/* Preserve the newline */
@@ -2382,6 +2404,44 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
return -1;
}
+struct extraHandlerData
+{
+ const char *reply;
+ bool first;
+};
+
+static int
+qemudMonitorCommandSimpleExtraHandler(const virDomainObjPtr vm,
+ const char *buf ATTRIBUTE_UNUSED,
+ const char *prompt ATTRIBUTE_UNUSED,
+ void *data_)
+{
+ struct extraHandlerData *data = data_;
+
+ if (!data->first)
+ return 0;
+ if (qemudMonitorSend(vm, data->reply, -1) < 0)
+ return -1;
+ data->first = false;
+ return 0;
+}
+
+static int
+qemudMonitorCommandExtra(const virDomainObjPtr vm,
+ const char *cmd,
+ const char *extra,
+ const char *extraPrompt,
+ int scm_fd,
+ char **reply) {
+ struct extraHandlerData data;
+
+ data.reply = extra;
+ data.first = true;
+ return qemudMonitorCommandWithHandler(vm, cmd, extraPrompt,
+ qemudMonitorCommandSimpleExtraHandler,
+ &data, scm_fd, reply);
+}
+
static int
qemudMonitorCommandWithFd(const virDomainObjPtr vm,
const char *cmd,
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 19/20] Consolidate "cont" into qemudMonitorSendCont()
The interface allows qemudMonitorSendCont() to report errors that are
not overridden by its callers.
Also fix a potential infinite loop in qemuDomainCoreDump() if sending
cont repeatedly fails.
Changes since the first submission:
- Suport reporting errors that are not overridden by callers.
---
src/qemu_driver.c | 78 +++++++++++++++++++++++++++++++---------------------
1 files changed, 46 insertions(+), 32 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 7a2e581..d654651 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -28,6 +28,7 @@
#include <dirent.h>
#include <limits.h>
#include <string.h>
+#include <stdbool.h>
#include <stdio.h>
#include <strings.h>
#include <stdarg.h>
@@ -135,6 +136,9 @@ static int qemudMonitorCommandExtra(const virDomainObjPtr vm,
const char *extraPrompt,
int scm_fd,
char **reply);
+static int qemudMonitorSendCont(virConnectPtr conn,
+ const virDomainObjPtr vm,
+ bool *error_reported);
static int qemudDomainSetMemoryBalloon(virConnectPtr conn,
virDomainObjPtr vm,
unsigned long newmem);
@@ -1225,7 +1229,6 @@ static int
qemudInitCpus(virConnectPtr conn,
virDomainObjPtr vm,
const char *migrateFrom) {
- char *info = NULL;
#if HAVE_SCHED_GETAFFINITY
cpu_set_t mask;
int i, maxcpu = QEMUD_CPUMASK_LEN;
@@ -1260,13 +1263,15 @@ qemudInitCpus(virConnectPtr conn,
#endif /* HAVE_SCHED_GETAFFINITY */
if (migrateFrom == NULL) {
+ bool error_reported;
+
/* Allow the CPUS to start executing */
- if (qemudMonitorCommand(vm, "cont", &info) < 0) {
- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
- "%s", _("resume operation failed"));
+ if (qemudMonitorSendCont(conn, vm, &error_reported) < 0) {
+ if (!error_reported)
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ "%s", _("resume operation
failed"));
return -1;
}
- VIR_FREE(info);
}
return 0;
@@ -2457,6 +2462,20 @@ qemudMonitorCommand(const virDomainObjPtr vm,
return qemudMonitorCommandWithFd(vm, cmd, -1, reply);
}
+static int
+qemudMonitorSendCont(virConnectPtr conn ATTRIBUTE_UNUSED,
+ const virDomainObjPtr vm,
+ bool *error_reported) {
+ char *reply;
+
+ *error_reported = false;
+ if (qemudMonitorCommand(vm, "cont", &reply) < 0)
+ return -1;
+ qemudDebug ("%s: cont reply: %s", vm->def->name, info);
+ VIR_FREE(reply);
+ return 0;
+}
+
static virDrvOpenStatus qemudOpen(virConnectPtr conn,
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
int flags ATTRIBUTE_UNUSED) {
@@ -2941,7 +2960,6 @@ cleanup:
static int qemudDomainResume(virDomainPtr dom) {
struct qemud_driver *driver = dom->conn->privateData;
- char *info;
virDomainObjPtr vm;
int ret = -1;
virDomainEventPtr event = NULL;
@@ -2962,17 +2980,18 @@ static int qemudDomainResume(virDomainPtr dom) {
goto cleanup;
}
if (vm->state == VIR_DOMAIN_PAUSED) {
- if (qemudMonitorCommand(vm, "cont", &info) < 0) {
- qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
- "%s", _("resume operation failed"));
+ bool error_reported;
+
+ if (qemudMonitorSendCont(dom->conn, vm, &error_reported) < 0) {
+ if (!error_reported)
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "%s", _("resume operation
failed"));
goto cleanup;
}
vm->state = VIR_DOMAIN_RUNNING;
- qemudDebug("Reply %s", info);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_RESUMED,
VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
- VIR_FREE(info);
}
if (virDomainSaveStatus(dom->conn, driver->stateDir, vm) < 0)
goto cleanup;
@@ -3663,13 +3682,13 @@ cleanup:
will support synchronous operations so we always get here after
the migration is complete. */
if (resume && paused) {
- if (qemudMonitorCommand(vm, "cont", &info) < 0) {
- qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
- "%s", _("resuming after dump failed"));
- goto cleanup;
+ bool error_reported;
+
+ if (qemudMonitorSendCont(dom->conn, vm, &error_reported) < 0) {
+ if (!error_reported)
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "%s", _("resuming after dump
failed"));
}
- DEBUG ("%s: cont reply: %s", vm->def->name, info);
- VIR_FREE(info);
}
if (vm)
virDomainObjUnlock(vm);
@@ -4147,13 +4166,14 @@ static int qemudDomainRestore(virConnectPtr conn,
/* If it was running before, resume it now. */
if (header.was_running) {
- char *info;
- if (qemudMonitorCommand(vm, "cont", &info) < 0) {
- qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
- "%s", _("failed to resume domain"));
+ bool error_reported;
+
+ if (qemudMonitorSendCont(conn, vm, &error_reported) < 0) {
+ if (!error_reported)
+ qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+ "%s", _("failed to resume
domain"));
goto cleanup;
}
- VIR_FREE(info);
vm->state = VIR_DOMAIN_RUNNING;
}
ret = 0;
@@ -6591,14 +6611,11 @@ qemudDomainMigratePerform (virDomainPtr dom,
ret = 0;
cleanup:
- /* Note that we have to free info *first*, since we are re-using the
- * variable below (and otherwise might cause a memory leak)
- */
- VIR_FREE(info);
-
if (paused) {
+ bool error_reported;
+
/* we got here through some sort of failure; start the domain again */
- if (qemudMonitorCommand (vm, "cont", &info) < 0) {
+ if (qemudMonitorSendCont(dom->conn, vm, &error_reported) < 0) {
/* Hm, we already know we are in error here. We don't want to
* overwrite the previous error, though, so we just throw something
* to the logs and hope for the best
@@ -6606,16 +6623,13 @@ cleanup:
VIR_ERROR(_("Failed to resume guest %s after failure\n"),
vm->def->name);
}
- else {
- DEBUG ("%s: cont reply: %s", vm->def->name, info);
- VIR_FREE(info);
- }
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_RESUMED,
VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
}
+ VIR_FREE(info);
if (vm)
virDomainObjUnlock(vm);
if (event)
--
1.6.2.5
3:28 p.m.
New subject: [libvirt] [PATCH 20/20] Add support for qcow encrypted volumes to qemu.
Changes since the first submission:
- Update to use the generic "secrets" encryption representation, and the
separate secret store.
- Use qemudMonitorSend()
---
include/libvirt/virterror.h | 1 +
src/qemu_driver.c | 157 ++++++++++++++++++++++++++++++++++++++++--
src/virterror.c | 6 ++
3 files changed, 156 insertions(+), 8 deletions(-)
diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h
index fc24251..53f2f20 100644
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -169,6 +169,7 @@ typedef enum {
VIR_ERR_MULTIPLE_INTERFACES, /* more than one matching interface found */
VIR_WAR_NO_SECRET, /* failed to start secret storage */
VIR_ERR_NO_SECRET, /* secret not found */
+ VIR_ERR_INVALID_SECRET, /* invalid secret */
} virErrorNumber;
/**
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index d654651..dc6e653 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1284,12 +1284,6 @@ qemudInitPasswords(virConnectPtr conn,
virDomainObjPtr vm) {
char *info = NULL;
- /*
- * NB: Might have more passwords to set in the future. eg a qcow
- * disk decryption password, but there's no monitor command
- * for that yet...
- */
-
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
(vm->def->graphics[0]->data.vnc.passwd || driver->vncPassword)) {
@@ -2462,14 +2456,161 @@ qemudMonitorCommand(const virDomainObjPtr vm,
return qemudMonitorCommandWithFd(vm, cmd, -1, reply);
}
+static virStorageEncryptionPtr
+findDomainDiskEncryption(virConnectPtr conn, virDomainObjPtr vm,
+ const char *path)
+{
+ bool seen_volume;
+ int i;
+
+ seen_volume = false;
+ for (i = 0; i < vm->def->ndisks; i++) {
+ virDomainDiskDefPtr disk;
+
+ disk = vm->def->disks[i];
+ if (disk->src != NULL && STREQ(disk->src, path)) {
+ seen_volume = true;
+ if (disk->encryption != NULL)
+ return disk->encryption;
+ }
+ }
+ if (seen_volume)
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INVALID_DOMAIN,
+ _("missing <encryption> for volume %s"), path);
+ else
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("unexpected passphrase request for volume %s"),
+ path);
+ return NULL;
+}
+
+static char *
+findVolumeQcowPassphrase(virConnectPtr conn, virDomainObjPtr vm,
+ const char *path, size_t *passphrase_len)
+{
+ virStorageEncryptionPtr enc;
+ char *passphrase;
+ void *data;
+ size_t size;
+
+ if (conn->secretDriver == NULL || conn->secretDriver->getValue == NULL) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_NO_SUPPORT, "%s",
+ _("secret storage not supported"));
+ return NULL;
+ }
+
+ enc = findDomainDiskEncryption(conn, vm, path);
+ if (enc == NULL)
+ return NULL;
+
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_QCOW ||
+ enc->nsecrets != 1 ||
+ enc->secrets[0]->type !=
+ VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INVALID_DOMAIN,
+ _("invalid <encryption> for volume %s"), path);
+ return NULL;
+ }
+
+ if (enc->secrets[0]->secret_id == NULL) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INVALID_DOMAIN,
+ _("missing secret_id for volume %s"), path);
+ return NULL;
+ }
+ data = conn->secretDriver->getValue(conn, enc->secrets[0]->secret_id,
+ &size, true);
+ if (data == NULL) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_NO_SECRET,
+ _("secret not found for volume %s"), path);
+ return NULL;
+ }
+
+ if (memchr(data, '\0', size) != NULL) {
+ memset(data, 0, size);
+ VIR_FREE(data);
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INVALID_SECRET,
+ _("format='qcow' passphrase for %s must not contain
a "
+ "'\\0'"), path);
+ return NULL;
+ }
+
+ if (VIR_ALLOC_N(passphrase, size + 1) < 0) {
+ memset(data, 0, size);
+ VIR_FREE(data);
+ virReportOOMError(conn);
+ return NULL;
+ }
+ memcpy(passphrase, data, size);
+ passphrase[size] = '\0';
+
+ memset(data, 0, size);
+ VIR_FREE(data);
+
+ *passphrase_len = size;
+ return passphrase;
+}
+
+struct sendVolumePassphraseState {
+ virConnectPtr conn;
+ bool *error_reported;
+};
+
+static int
+qemudMonitorSendVolumePassphrase(const virDomainObjPtr vm,
+ const char *buf,
+ const char *prompt,
+ void *data)
+{
+ const struct sendVolumePassphraseState *state = data;
+ char *passphrase, *path;
+ const char *prompt_path;
+ size_t path_len, passphrase_len = 0;
+ int res;
+
+ /* The complete prompt looks like this:
+ ide0-hd0 (/path/to/volume) is encrypted.
+ Password:
+ "prompt" starts with ") is encrypted". Extract
/path/to/volume. */
+ for (prompt_path = prompt; prompt_path > buf && prompt_path[-1] !=
'(';
+ prompt_path--)
+ ;
+ if (prompt_path == buf)
+ return -1;
+ path_len = prompt - prompt_path;
+ if (VIR_ALLOC_N(path, path_len + 1) < 0)
+ return -1;
+ memcpy(path, prompt_path, path_len);
+ path[path_len] = '\0';
+
+ passphrase = findVolumeQcowPassphrase(state->conn, vm, path,
+ &passphrase_len);
+ VIR_FREE(path);
+ if (passphrase == NULL) {
+ *state->error_reported = true;
+ return -1;
+ }
+
+ res = qemudMonitorSend(vm, passphrase, -1);
+
+ memset(passphrase, 0, passphrase_len);
+ VIR_FREE(passphrase);
+
+ return res;
+}
+
static int
-qemudMonitorSendCont(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemudMonitorSendCont(virConnectPtr conn,
const virDomainObjPtr vm,
bool *error_reported) {
+ struct sendVolumePassphraseState state;
char *reply;
*error_reported = false;
- if (qemudMonitorCommand(vm, "cont", &reply) < 0)
+ state.conn = conn;
+ state.error_reported = error_reported;
+ if (qemudMonitorCommandWithHandler(vm, "cont", ") is
encrypted.",
+ qemudMonitorSendVolumePassphrase,
+ &state, -1, &reply) < 0)
return -1;
qemudDebug ("%s: cont reply: %s", vm->def->name, info);
VIR_FREE(reply);
diff --git a/src/virterror.c b/src/virterror.c
index 137405a..9392498 100644
--- a/src/virterror.c
+++ b/src/virterror.c
@@ -1083,6 +1083,12 @@ virErrorMsg(virErrorNumber error, const char *info)
else
errmsg = _("Secret not found: %s");
break;
+ case VIR_ERR_INVALID_SECRET:
+ if (info == NULL)
+ errmsg = _("Invalid secret");
+ else
+ errmsg = _("Invalid secret: %s");
+ break;
}
return (errmsg);
}
--
1.6.2.5
5585
days inactive
5592
days old
25 comments
3 participants
participants (3)
-
Daniel P. Berrange -
Miloslav Trmac -
Miloslav Trmač